Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

of

 FOSSLight Open Source Project Slide 1  FOSSLight Open Source Project Slide 2  FOSSLight Open Source Project Slide 3  FOSSLight Open Source Project Slide 4  FOSSLight Open Source Project Slide 5  FOSSLight Open Source Project Slide 6  FOSSLight Open Source Project Slide 7  FOSSLight Open Source Project Slide 8  FOSSLight Open Source Project Slide 9  FOSSLight Open Source Project Slide 10  FOSSLight Open Source Project Slide 11  FOSSLight Open Source Project Slide 12  FOSSLight Open Source Project Slide 13  FOSSLight Open Source Project Slide 14  FOSSLight Open Source Project Slide 15  FOSSLight Open Source Project Slide 16  FOSSLight Open Source Project Slide 17  FOSSLight Open Source Project Slide 18  FOSSLight Open Source Project Slide 19  FOSSLight Open Source Project Slide 20  FOSSLight Open Source Project Slide 21  FOSSLight Open Source Project Slide 22  FOSSLight Open Source Project Slide 23  FOSSLight Open Source Project Slide 24  FOSSLight Open Source Project Slide 25  FOSSLight Open Source Project Slide 26  FOSSLight Open Source Project Slide 27  FOSSLight Open Source Project Slide 28  FOSSLight Open Source Project Slide 29  FOSSLight Open Source Project Slide 30
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0 Likes

Share

Download to read offline

FOSSLight Open Source Project

Download to read offline

FOSSLight Open Source Project

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

FOSSLight Open Source Project

  1. 1. FOSSLight Open Source Project 2021. 7. 6. Kyoungae Kim OpenChain Webinar
  2. 2. 1 / 29 Contents 1. What is FOSSLight? 2. Why FOSSLight System? 3. FOSSLight Open Source Project
  3. 3. What is FOSSLight?
  4. 4. 3 / 29 LGE OSC Process WE NEED A TOOL & SYSTEM
  5. 5. 4 / 29 OSPO SW development team LGE OSC Process & FOSSLight Step1. Identification Step 4. Distribution Step 2. Approval Step 3. Notice & Verification Analyze open source Request for analysis review Create OSS Package OSS Package Distribute OSS distribution site Notice OSS Notice & OSS Package Notice OSS Notice Review OSS Package Review analysis result BOM OSS BOM & Obligation OSS report FOSSLight report FOSSLight Scanner FOSSLight FOSSLight Open Source Project Software
  6. 6. 5 / 29 FOSSLight Scanner Dependency Binary Source Code Source Scanner Dependency Scanner Binary Scanner Android Yocto Platform specific npm pip maven gradle pods ∙∙∙ ScanCode
  7. 7. 6 / 29 OSS License Vulnera bility 3rd Party Project Self check Rest API CI/CD FOSSLight System  All-in-one Open Source Compliance & Vulnerability Project OSC Process License / OSS Vulnerability 3rd Party Project 3rd Party OSS Management Self-Check Check OSS, License, Vulnerability without OSPO Review
  8. 8. 7 / 29 FOSSLight Source Scanner  Detect Copyright & License text  String Search  Use ScanCode  Cannot find OSS Name  https://github.com/fosslight/fosslight_source_scanner
  9. 9. 8 / 29 FOSSLight Dependency Scanner  Print OSS information based on dependencies.  Available Package Manager  Gradle (Java/Android)  Maven (Java)  NPM (Node.js)  Pypi (Python)  Pub (Dart with flutter)  Cocoapods (Swift/Obj-C)  Direct Dependency & Transitive Dependency  https://github.com/fosslight/fosslight_dependency_scanner
  10. 10. 9 / 29 FOSSLight Release soon..  FOSSLight Binary Scanner  Doesn’t scan binary itself.  Just calculate checksum(same) and TLSH(similar)  Compare with Binary DB Information and extract OSS Information  FOSSLight REUSE  Reuse (https://github.com/fsfe/reuse-tool)  Check Copyright/License writing rules in Source Code
  11. 11. Why FOSSLight System ?
  12. 12. 11 / 29 Project Dashboard
  13. 13. 12 / 29 BOM Management (1/2) https://linuxfoundation.org/blog/what-is-an-sbom/
  14. 14. 13 / 29 BOM Management (2/2)
  15. 15. 14 / 29 BOM Compare
  16. 16. 15 / 29 Same OSS (Nickname)
  17. 17. 16 / 29 Same OSS (Nickname)
  18. 18. 17 / 29 Same License (Nickname)
  19. 19. 18 / 29 Support Various OSS Notice Format
  20. 20. 19 / 29 Communication
  21. 21. 20 / 29 OpenChain Conformance
  22. 22. FOSSLight Open Source Project
  23. 23. 22 / 29 FOSSLight Open Source Project FOSS (Free and Open Source Software) + Light
  24. 24. 23 / 29 FOSSLight  https://FOSSLight.org  https://demo.FOSSLight.org  https://FOSSLight.org/fosslight-guide
  25. 25. 24 / 29 FOSSLight Press Release
  26. 26. 25 / 29 Github Star
  27. 27. 26 / 29 FOSSLight Roadmap FOSSLight Source Scanner FOSSLight System FOSSLight Binary Scanner FOSSLight Reuse FOSSLight Dependency Scanner 2021 1Q 2021 2Q 2021 3Q
  28. 28. 27 / 29 FOSSLight Contribution Items  Identification Input : SPDX, other scanner result  Distribution Implementation  Integration with Open Database (ex. Software Heritage)  Test Automation
  29. 29. 28 / 29 Your attention, please. Thank YOU !!
  30. 30. 29 / 29 Appendix. FOSSLight Sticker Image Candidates

FOSSLight Open Source Project

Views

Total views

219

On Slideshare

0

From embeds

0

Number of embeds

155

Actions

Downloads

0

Shares

0

Comments

0

Likes

0

×