AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SHOWCASE
Sebastian Schuberth
Senior Expert Open Source Services
Bosch Software Innovations GmbH
OpenChain Automotive Workshop
October 29, 2019
Bosch Software Innovations GmbH | INST-CSS/BSV-OS | 10/29/2019
© Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights.
Recap
Introduction
Year 2017: The Idea
Year 2018: A Working Community
Year 2019: A Working Showcase
Introduction
Example enterprise process
Figure: Example of Compliance Management End-to-End Process
Queued for process: Own Proprietary Software, 3rd Party Software, FOSS
Compliance process steps: Identification, Audit, Resolve Issues, Reviews, Approvals, Registration, Notices, Verifications, Distribution, Verifications
Step descriptions shown in the figure:
- Identify FOSS components for review
- Scan or audit source code and confirm origin and license of source code
- Resolve any audit issues in line with company FOSS policies
- Review & approve compliance record of FOSS software components
- Record approved software/version in inventory per product and per release
- Compile notices for publication
- Verify source code packages for distribution and verify appropriate notices are provided
- Publish source code, notices and provide written offer
- Post publication verifications
Outputs shown in the figure: Outgoing Software, Notices & Attributions, Written Offer
AUTOMATING OPEN SOURCE COMPLIANCE WITH OSS TOOLING
Automating Open Source Compliance
Why an Open Source Solution?
- End-to-end open source management in enterprises is crucial for compliant usage of OSS.
- Avoid vendor lock-in.
- Ownership of data is crucial to prevent expensive corner cases.
- Free and open data ("sharing creates value").
- Long-term solution independent from supplier.
- Successful open source means a defined state of the art.
Automating Open Source Management
Tooling Landscape (License: CC0-1.0)
Figure: tooling landscape. Labels shown in the figure:
- CI / CD Infrastructure
- Build Tools
- Continuous Integration
- Artifact Repository
- Source Code Repo
- Inbound software
- Contributions
- Outbound software & Compliance artifacts
- Dependency resolver
- Binary analyzer
- Container content resolver
- Source package downloader
- Component & application metadata repository
- License & Copyright Scanner
- FOSS Compliance Bundle generator
- License metadata repository
- Public compliance artifact repos
- Issue Tracker
- Forensic Code Analysis Service
- Compliance artifact consistency
- Tools named: ScanCode, License Classifier, Bang
The label "Integration layer (API/Data)" is repeated on the components in the figure.
Automating Open Source Management
The Toolchain
Figure: the toolchain. Labels shown in the figure:
- License Obligation Fulfillment
- Build System
- Policy Check
- Metadata Completion
- BOM Management
- Collecting Data
- Identification
- Software Heritage
- Compliance Workflow
- Commercial Data Provider
- Local
THANK YOU!

Business Analyzopedia - Your Pocket Gita for Business AnalysisBusiness Analyzopedia - Your Pocket Gita for Business Analysis
Business Analyzopedia - Your Pocket Gita for Business AnalysisDEEPRAJ PATHAK
 
full course of software engineering mid term.pdf
full course of software engineering mid term.pdffull course of software engineering mid term.pdf
full course of software engineering mid term.pdfAbdul salam
 
logical backup of Oracle Datapump-detailed.pptx
logical backup of Oracle Datapump-detailed.pptxlogical backup of Oracle Datapump-detailed.pptx
logical backup of Oracle Datapump-detailed.pptxRemote DBA Services
 
What is Mendix and the concept of low-code development.docx
What is Mendix and the concept of low-code development.docxWhat is Mendix and the concept of low-code development.docx
What is Mendix and the concept of low-code development.docxTechnogeeks
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...Bert Jan Schrijver
 
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBU
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBUETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBU
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBUsamruddhijedgule2004
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 

Recently uploaded (20)

[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
 
oracle 23c new features for developer and dba
oracle 23c new features for developer and dbaoracle 23c new features for developer and dba
oracle 23c new features for developer and dba
 
Mastering Project Planning with Microsoft Project 2016.pptx
Mastering Project Planning with Microsoft Project 2016.pptxMastering Project Planning with Microsoft Project 2016.pptx
Mastering Project Planning with Microsoft Project 2016.pptx
 
Revolutionize Your Video Editing with InVideo.io: A Comprehensive Review
Revolutionize Your Video Editing with InVideo.io: A Comprehensive ReviewRevolutionize Your Video Editing with InVideo.io: A Comprehensive Review
Revolutionize Your Video Editing with InVideo.io: A Comprehensive Review
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
Leveraging the Expertise of a Social Media Fraud Analyst to Safeguard Brand R...
Leveraging the Expertise of a Social Media Fraud Analyst to Safeguard Brand R...Leveraging the Expertise of a Social Media Fraud Analyst to Safeguard Brand R...
Leveraging the Expertise of a Social Media Fraud Analyst to Safeguard Brand R...
 
Chapter -5 Agile Testing types and its examples.pptx
Chapter -5 Agile Testing types and its examples.pptxChapter -5 Agile Testing types and its examples.pptx
Chapter -5 Agile Testing types and its examples.pptx
 
Effort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software ProjectsEffort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software Projects
 
OpenMetadata Community Meeting - 4th April, 2024
OpenMetadata Community Meeting - 4th April, 2024OpenMetadata Community Meeting - 4th April, 2024
OpenMetadata Community Meeting - 4th April, 2024
 
Pros and Cons of Selenium In Automation Testing_ A Comprehensive Assessment.pdf
Pros and Cons of Selenium In Automation Testing_ A Comprehensive Assessment.pdfPros and Cons of Selenium In Automation Testing_ A Comprehensive Assessment.pdf
Pros and Cons of Selenium In Automation Testing_ A Comprehensive Assessment.pdf
 
Tech Tuesday Slides - Getting Started with the Portfolio Module.
Tech Tuesday Slides - Getting Started with the Portfolio Module.Tech Tuesday Slides - Getting Started with the Portfolio Module.
Tech Tuesday Slides - Getting Started with the Portfolio Module.
 
Advantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxAdvantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptx
 
Business Analyzopedia - Your Pocket Gita for Business Analysis
Business Analyzopedia - Your Pocket Gita for Business AnalysisBusiness Analyzopedia - Your Pocket Gita for Business Analysis
Business Analyzopedia - Your Pocket Gita for Business Analysis
 
full course of software engineering mid term.pdf
full course of software engineering mid term.pdffull course of software engineering mid term.pdf
full course of software engineering mid term.pdf
 
logical backup of Oracle Datapump-detailed.pptx
logical backup of Oracle Datapump-detailed.pptxlogical backup of Oracle Datapump-detailed.pptx
logical backup of Oracle Datapump-detailed.pptx
 
What is Mendix and the concept of low-code development.docx
What is Mendix and the concept of low-code development.docxWhat is Mendix and the concept of low-code development.docx
What is Mendix and the concept of low-code development.docx
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...
AmsterdamJUG April 2024 - Going serverless with Quarkus GraalVM native images...
 
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBU
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBUETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBU
ETE PPT.pdf LMMKLMKLMLKMLLMJKBHJBHBNUIHBU
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 

Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SHOWCASE

  • 1. AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SHOWCASE Sebastian Schuberth Senior Expert Open Source Services Bosch Software Innovations GmbH OpenChain Automotive Workshop October 29, 2019
  • 2. Recap / Introduction
      • Year 2017: The Idea
      • Year 2018: A Working Community
      • Year 2019: A Working Showcase
  • 3. Introduction: Example enterprise process. [Diagram: Example of Compliance Management End-to-End Process]
      • Diagram labels: Queued for Process; Identification; Audit; Resolve Issues; Reviews; Approvals; Registration; Notices; Verifications; Distribution; Verifications; Own Proprietary Software; 3rd Party Software; FOSS; Outgoing Software; Notices & Attributions; Written Offer; Compliance Process
      • Scan or audit source code – and – confirm origin and license of source code
      • Resolve any audit issues in line with company FOSS policies
      • Identify FOSS components for review
      • Verify source code packages for distribution – and – verify appropriate notices are provided
      • Record approved software/version in inventory per product and per release
      • Publish source code, notices and provide written offer
      • Review & approve compliance record of FOSS software components
      • Compile notices for publication
      • Post publication verifications
  • 5. Automating Open Source Compliance: Why an Open Source Solution?
      • End-to-End Open Source Management in Enterprises is crucial for compliant usage of OSS.
      • Avoid vendor lock-in.
      • Ownership of data is crucial to prevent expensive corner cases.
      • Free and open data (“sharing creates value”).
      • Long term solution independent from supplier.
      • Successful Open Source means defined State-of-the-Art.
  • 6. Automating Open Source Management: Tooling Landscape (License: CC0-1.0)
      • Diagram labels: CI / CD Infrastructure; Build Tools; Continuous Integration; Artifact Repository; Source Code Repo; Outbound software & Compliance artifacts; Inbound software; Contributions; Dependency resolver; Binary analyzer; Container content resolver; Source package downloader; Component & application metadata repository; License & Copyright Scanner; FOSS Compliance Bundle generator; License metadata repository; Public compliance artifact repos; Issue Tracker; Forensic Code Analysis Service; Compliance artifact consistency; Integration layer (API/Data) (repeated throughout the diagram); ScanCode License Classifier; Bang
  • 7. Automating Open Source Management: The Toolchain
      • Diagram labels: License Obligation Fulfillment; Build System; Policy Check; Metadata Completion; BOM Management; Collecting Data; Identification; Software Heritage; Compliance Workflow; Commercial Data Provider; Local