9. LG Electronics Open Source Program Office
[Diagram: open source compliance process involving the SW development team and the OSPO]
Steps: Step 1. Identification; Step 2. Approval; Step 3. Notice & Verification; Step 4. Distribution.
Activities: Analysis open source; Request a review for analysis result; Review the open source analysis result; Create OSS Package; Generate OSS notice; Review OSS Package & OSS Notice; Distribute.
Artifacts and sites: OSS Report; OSS BOM; OSS package; OSS notice; OSS notice & OSS package; OSS distribution site; Software.
License obligation labels: Notice; Source code.
Tools: FOSSLight Scanner; FOSSLight.
10. [Diagram: FOSSLight Hub and FOSSLight Scanner across the compliance process, drawn as a flow from "start" to "end"]
Steps: Step 1. Identification; Step 2. Approval; Step 3. Notice & Verification; Step 4. Distribution.
FOSSLight Scanner components: Analyze Dependency (FOSSLight Dependency Scanner); Analyze Source Code (FOSSLight Source Scanner); Analyze Binary (FOSSLight Binary Scanner); FOSSLight Prechecker.
Flow boxes: Develop Software; Create a project; Comply with copyright/license writing rules; Analyze open source; Register and request a review for OSS report; Review OSS report (by OSPO); Register and request a review for OSS package; Review OSS package and generate OSS notice (by OSPO); Distribute OSS package and OSS notice.
Artifacts: OSS Report; SBOM; OSS package; OSS notice.
License obligation labels: Notice; Source code.
11. Jenkins CI – FOSSLight Prechecker
[Diagram: Jenkins pipeline running FOSSLight Prechecker]
Diagram labels: Push source code; Jenkins triggering; repository checkout; FOSSLight Prechecker Lint mode; Check copyright/license writing rules; FOSSLight Prechecker Lint Result Mailing; Check Compliance or not; Compliant: OK; Compliant: Not-OK; Write Copyright/License Information.
12. Jenkins CI – FOSSLight Scanner
[Diagram: Jenkins pipeline running FOSSLight Scanner]
Diagram labels: Push source code; Jenkins triggering; repository checkout; FOSSLight Scanner; Analyze Open Source; FOSSLight Report Result (yaml); FOSSLight Scanner Compare mode; Compare BOM; BOM Compare Result (add, delete, change); Mailing BOM Compare Result & FOSSLight Report; Check new open source; Check Compliance Risk.
15. Jenkins CI – vulnerability
[Diagram: Jenkins pipeline checking open source vulnerabilities]
Diagram labels: Push source code; Jenkins triggering; repository checkout; FOSSLight Scanner; Check open source list; OSS Vulnerability (FOSSLight Hub API Integration); Check the high open source vulnerability; Mailing; Make up source code for vulnerability.
16. [Feature overview]
Open Source / License: Manage open source information; Manage license restrictions and vulnerabilities; Register open source and licenses in bulk.
Compliance Process: All-in-one open source compliance process; Generate open source notice and verify the disclosed source; Issue tracking.
Vulnerability: Search vulnerabilities; Monitor vulnerabilities of a project (Mailing).
Self-Check: Analyze open source; Automatically detect licenses; Check license obligations and vulnerabilities.
SBOM: Manage open source and proprietary software; Search projects by software; Support SPDX (ISO standard).
Supply Chain: Manage 3rd party software; Register 3rd party agreement; Manage as a project.