OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
Your SlideShare is downloading.
×
Check these out next
Recommended
More Related Content
Slideshows for you (20)
Similar to FOSSLight Open Source Project (20)
More from Shane Coughlan (20)
Recently uploaded (20)
FOSSLight Open Source Project
- 1. FOSSLight Open Source Project 2021. 7. 6. Kyoungae Kim OpenChain Webinar
- 2. 1 / 29 Contents 1. What is FOSSLight? 2. Why FOSSLight System? 3. FOSSLight Open Source Project
- 3. What is FOSSLight?
- 4. 3 / 29 LGE OSC Process WE NEED A TOOL & SYSTEM
- 5. 4 / 29 OSPO SW development team LGE OSC Process & FOSSLight Step1. Identification Step 4. Distribution Step 2. Approval Step 3. Notice & Verification Analyze open source Request for analysis review Create OSS Package OSS Package Distribute OSS distribution site Notice OSS Notice & OSS Package Notice OSS Notice Review OSS Package Review analysis result BOM OSS BOM & Obligation OSS report FOSSLight report FOSSLight Scanner FOSSLight FOSSLight Open Source Project Software
- 6. 5 / 29 FOSSLight Scanner Dependency Binary Source Code Source Scanner Dependency Scanner Binary Scanner Android Yocto Platform specific npm pip maven gradle pods ∙∙∙ ScanCode
- 7. 6 / 29 OSS License Vulnera bility 3rd Party Project Self check Rest API CI/CD FOSSLight System All-in-one Open Source Compliance & Vulnerability Project OSC Process License / OSS Vulnerability 3rd Party Project 3rd Party OSS Management Self-Check Check OSS, License, Vulnerability without OSPO Review
- 8. 7 / 29 FOSSLight Source Scanner Detect Copyright & License text String Search Use ScanCode Cannot find OSS Name https://github.com/fosslight/fosslight_source_scanner
- 9. 8 / 29 FOSSLight Dependency Scanner Print OSS information based on dependencies. Available Package Manager Gradle (Java/Android) Maven (Java) NPM (Node.js) Pypi (Python) Pub (Dart with flutter) Cocoapods (Swift/Obj-C) Direct Dependency & Transitive Dependency https://github.com/fosslight/fosslight_dependency_scanner
- 10. 9 / 29 FOSSLight Release soon.. FOSSLight Binary Scanner Doesn’t scan binary itself. Just calculate checksum(same) and TLSH(similar) Compare with Binary DB Information and extract OSS Information FOSSLight REUSE Reuse (https://github.com/fsfe/reuse-tool) Check Copyright/License writing rules in Source Code
- 11. Why FOSSLight System ?
- 12. 11 / 29 Project Dashboard
- 13. 12 / 29 BOM Management (1/2) https://linuxfoundation.org/blog/what-is-an-sbom/
- 14. 13 / 29 BOM Management (2/2)
- 15. 14 / 29 BOM Compare
- 16. 15 / 29 Same OSS (Nickname)
- 17. 16 / 29 Same OSS (Nickname)
- 18. 17 / 29 Same License (Nickname)
- 19. 18 / 29 Support Various OSS Notice Format
- 20. 19 / 29 Communication
- 21. 20 / 29 OpenChain Conformance
- 22. FOSSLight Open Source Project
- 23. 22 / 29 FOSSLight Open Source Project FOSS (Free and Open Source Software) + Light
- 24. 23 / 29 FOSSLight https://FOSSLight.org https://demo.FOSSLight.org https://FOSSLight.org/fosslight-guide
- 25. 24 / 29 FOSSLight Press Release
- 26. 25 / 29 Github Star
- 27. 26 / 29 FOSSLight Roadmap FOSSLight Source Scanner FOSSLight System FOSSLight Binary Scanner FOSSLight Reuse FOSSLight Dependency Scanner 2021 1Q 2021 2Q 2021 3Q
- 28. 27 / 29 FOSSLight Contribution Items Identification Input : SPDX, other scanner result Distribution Implementation Integration with Open Database (ex. Software Heritage) Test Automation
- 29. 28 / 29 Your attention, please. Thank YOU !!
- 30. 29 / 29 Appendix. FOSSLight Sticker Image Candidates
