SlideShare a Scribd company logo
1 of 7
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED
Improvements in meta-spdxscanner
through FOSSology
Takuma Ueba
Fujitsu Computer Technologies Limited
0
1518ka1
whoami
 I have contributed to the following communities
• Linux Kernel
• U-Boot
• Yocto Project
 Developer of In-house Embedded Linux Distribution for
Fujitsu Limited
 Our Distribution is built with Yocto Project
 My team-member is maintainer of meta-spdxscanner
(Ms. Lei Maohui)
 Our Distribution is used for 80+ products.
• IVI
• Server System Controller
• Storage System
• Network equipment
etc
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED
Mainly platform community
1
Simple Introduction of meta-spdxscanner
 Yocto Layer of source code License scanner
 Default output: SPDX format (is best format)
(considering OpenChain Project)
 Default scanner: DoSOCSv2
Fossology 3.x doesn’t support CUI (at this point),
so it could not be used with Yocto Project
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED
 Patches come from
3rd
party
Yocto Project
meta-spdxscanner
SPDX files
openembedded-core
meta-oe
meta-……
do_fetch do_unpack …… do_spdx ……
 OSS source code
2
Comparing Outputs by DoSOCSv2, FOSSology
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES
Ideal SPDX file DoSOCSv2(0.16.1) FOSSology(3.3.0)
SPDXVersion: SPDX-2.0
DataLicense: CC0-1.0
FileName: ./LICENSE
SPDXID: SPDXRef-file-LICENSE-4919-
7310aaf0
FileType: OTHER
FileChecksum: SHA256:
4919cfb14a73cd64fcef67b107613970cf165
9a09aa675dba31314f373bc7204
LicenseConcluded: NOASSERTION
LicenseInfoInFile: LicenseRef-BSD-style
LicenseComments: <text></text>
FileCopyrightText: NOASSERTION
FileComment: <text></text>
FileNotice: <text></text>
:(snip)
SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
FileName: bzip2-1.0.6/LICENSE
SPDXID: SPDXRef-item1699540
FileChecksum: SHA1:
1c0c6888759a63c32bca7eb63353af2cd9b
d5d9e
FileChecksum: MD5:
ddeb76cd34e791893c0f539fdab879bb
LicenseConcluded: LicenseRef-bzip2-1.0.6
LicenseInfoInFile: LicenseRef-bzip2-1.0.6
FileCopyrightText: <text> copyright (C)
1996-2010 Julian R Seward. All rights
reserved.
copyright notice, this list of conditions and
the following disclaimer. </text>
:(snip)
LicenseID: LicenseRef-bzip2-1.0.6
LicenseName: bzip2 and libbzip2 License
v1.0.6
ExtractedText: <text> This program,
"bzip2", the associated library "libbzip2",
and all documentation, are copyright (C)
1996-2010 Julian R Seward. All rights
reserved.
Redistribution and use in source and
binary forms, with or without modification,
are permitted provided that the following
conditions are met:
:(snip)
SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
FileName: bzip2-1.0.6/LICENSE
SPDXID: SPDXRef-item1699540
FileChecksum: SHA1:
1c0c6888759a63c32bca7eb63353af
2cd9bd5d9e
FileChecksum: MD5:
ddeb76cd34e791893c0f539fdab879
bb
LicenseConcluded: LicenseRef-bzip2-
1.0.6
LicenseInfoInFile: LicenseRef-bzip2-
1.0.6
FileCopyrightText: <text> copyright
(C) 1996-2010 Julian R Seward. All
rights reserved.
copyright notice, this list of
conditions and the following
disclaimer. </text>
:(snip)
LicenseID: LicenseRef-bzip2-1.0.6
LicenseName: bzip2 and libbzip2
License v1.0.6
ExtractedText: <text> This program,
"bzip2", the associated library
"libbzip2", and all documentation,
are copyright (C) 1996-2010 Julian
R Seward. All rights reserved.
:(snip)
insufficient SPDX output
By DoSOCSv2
≒
SPDX 2.0 2.1: Mandatory item
・LicenseConcluded: no output
・LicenseInfoInFile: mistake
・FileCopyrightText: no output
Ideal SPDX output
By FOSSology
3
FOSSology available for YP soon!
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED
 We are making available to use fossdriver in meta-spdxscanner
 So you can soon use FOSSology from Yocto Project
fossdriver is intended to enable control of a FOSSology server from Python programs.
※ Quoted from fossdriver’s readme
 Let’s use improved meta-spdxscanner and
SPDX file
 Please give me feedback on
meta-spdxscanner and SPDX topics.
You are available to use high precision SPDX file!
4
Future Work
Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED
The names of products are the product names, trademarks or registered trademarks of the respective companies.
Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material.
Let’s improve SPDX file precision together
For maintenaince reason, we want send REST
API calls FOSSology server to generate SPDX files
5
Improvements in meta spdxscanner through FOSSology - Ueba San

More Related Content

Similar to Improvements in meta spdxscanner through FOSSology - Ueba San

Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)
Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)
Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)Red Hat Developers
 
Developing in Python on Red Hat Platforms (DevNation 2016)
Developing in Python on Red Hat Platforms (DevNation 2016)Developing in Python on Red Hat Platforms (DevNation 2016)
Developing in Python on Red Hat Platforms (DevNation 2016)ncoghlan_dev
 
How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentShane Coughlan
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?GlobalLogic Ukraine
 
Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...SZ Lin
 
OpenChain: How to manage OSS licenses for CI/CD development
OpenChain: How to manage OSS licenses for CI/CD developmentOpenChain: How to manage OSS licenses for CI/CD development
OpenChain: How to manage OSS licenses for CI/CD developmentShane Coughlan
 
Open-source Android 10 on Orange Pi: myth or reality?
Open-source Android 10 on Orange Pi: myth or reality?Open-source Android 10 on Orange Pi: myth or reality?
Open-source Android 10 on Orange Pi: myth or reality?GlobalLogic Ukraine
 
Creating new Tizen profiles using the Yocto Project
Creating new Tizen profiles  using the Yocto ProjectCreating new Tizen profiles  using the Yocto Project
Creating new Tizen profiles using the Yocto ProjectLeon Anavi
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Mender.io
 
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...Patricia Aas
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMLinaro
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...Felipe Prado
 
OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0Shane Coughlan
 
Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96波 董
 
Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96波 董
 

Similar to Improvements in meta spdxscanner through FOSSology - Ueba San (20)

Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)
Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)
Developing In Python On Red Hat Platforms (Nick Coghlan & Graham Dumpleton)
 
Developing in Python on Red Hat Platforms (DevNation 2016)
Developing in Python on Red Hat Platforms (DevNation 2016)Developing in Python on Red Hat Platforms (DevNation 2016)
Developing in Python on Red Hat Platforms (DevNation 2016)
 
lotos-framework
lotos-frameworklotos-framework
lotos-framework
 
How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD Development
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?
 
Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...
 
Icse10a.ppt
Icse10a.pptIcse10a.ppt
Icse10a.ppt
 
OpenChain: How to manage OSS licenses for CI/CD development
OpenChain: How to manage OSS licenses for CI/CD developmentOpenChain: How to manage OSS licenses for CI/CD development
OpenChain: How to manage OSS licenses for CI/CD development
 
Open-source Android 10 on Orange Pi: myth or reality?
Open-source Android 10 on Orange Pi: myth or reality?Open-source Android 10 on Orange Pi: myth or reality?
Open-source Android 10 on Orange Pi: myth or reality?
 
Creating new Tizen profiles using the Yocto Project
Creating new Tizen profiles  using the Yocto ProjectCreating new Tizen profiles  using the Yocto Project
Creating new Tizen profiles using the Yocto Project
 
Linux internals v4
Linux internals v4Linux internals v4
Linux internals v4
 
libdash 2.0
libdash 2.0libdash 2.0
libdash 2.0
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
 
56_Implementation
56_Implementation56_Implementation
56_Implementation
 
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...
Linux Security and How Web Browser Sandboxes Really Work (Security Researcher...
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
 
OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0
 
Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96
 
Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96Ubuntu core on bubblegum 96
Ubuntu core on bubblegum 96
 

More from Shane Coughlan

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxShane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeShane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 

Recently uploaded

UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdfAndrey Devyatkin
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...Bert Jan Schrijver
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 

Recently uploaded (20)

UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 

Improvements in meta spdxscanner through FOSSology - Ueba San

  • 1. Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED Improvements in meta-spdxscanner through FOSSology Takuma Ueba Fujitsu Computer Technologies Limited 0 1518ka1
  • 2. whoami  I have contributed to the following communities • Linux Kernel • U-Boot • Yocto Project  Developer of In-house Embedded Linux Distribution for Fujitsu Limited  Our Distribution is built with Yocto Project  My team-member is maintainer of meta-spdxscanner (Ms. Lei Maohui)  Our Distribution is used for 80+ products. • IVI • Server System Controller • Storage System • Network equipment etc Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED Mainly platform community 1
  • 3. Simple Introduction of meta-spdxscanner  Yocto Layer of source code License scanner  Default output: SPDX format (is best format) (considering OpenChain Project)  Default scanner: DoSOCSv2 Fossology 3.x doesn’t support CUI (at this point), so it could not be used with Yocto Project Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-…… do_fetch do_unpack …… do_spdx ……  OSS source code 2
  • 4. Comparing Outputs by DoSOCSv2, FOSSology Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES Ideal SPDX file DoSOCSv2(0.16.1) FOSSology(3.3.0) SPDXVersion: SPDX-2.0 DataLicense: CC0-1.0 FileName: ./LICENSE SPDXID: SPDXRef-file-LICENSE-4919- 7310aaf0 FileType: OTHER FileChecksum: SHA256: 4919cfb14a73cd64fcef67b107613970cf165 9a09aa675dba31314f373bc7204 LicenseConcluded: NOASSERTION LicenseInfoInFile: LicenseRef-BSD-style LicenseComments: <text></text> FileCopyrightText: NOASSERTION FileComment: <text></text> FileNotice: <text></text> :(snip) SPDXVersion: SPDX-2.1 DataLicense: CC0-1.0 FileName: bzip2-1.0.6/LICENSE SPDXID: SPDXRef-item1699540 FileChecksum: SHA1: 1c0c6888759a63c32bca7eb63353af2cd9b d5d9e FileChecksum: MD5: ddeb76cd34e791893c0f539fdab879bb LicenseConcluded: LicenseRef-bzip2-1.0.6 LicenseInfoInFile: LicenseRef-bzip2-1.0.6 FileCopyrightText: <text> copyright (C) 1996-2010 Julian R Seward. All rights reserved. copyright notice, this list of conditions and the following disclaimer. </text> :(snip) LicenseID: LicenseRef-bzip2-1.0.6 LicenseName: bzip2 and libbzip2 License v1.0.6 ExtractedText: <text> This program, "bzip2", the associated library "libbzip2", and all documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: :(snip) SPDXVersion: SPDX-2.1 DataLicense: CC0-1.0 FileName: bzip2-1.0.6/LICENSE SPDXID: SPDXRef-item1699540 FileChecksum: SHA1: 1c0c6888759a63c32bca7eb63353af 2cd9bd5d9e FileChecksum: MD5: ddeb76cd34e791893c0f539fdab879 bb LicenseConcluded: LicenseRef-bzip2- 1.0.6 LicenseInfoInFile: LicenseRef-bzip2- 1.0.6 FileCopyrightText: <text> copyright (C) 1996-2010 Julian R Seward. All rights reserved. copyright notice, this list of conditions and the following disclaimer. </text> :(snip) LicenseID: LicenseRef-bzip2-1.0.6 LicenseName: bzip2 and libbzip2 License v1.0.6 ExtractedText: <text> This program, "bzip2", the associated library "libbzip2", and all documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. :(snip) insufficient SPDX output By DoSOCSv2 ≒ SPDX 2.0 2.1: Mandatory item ・LicenseConcluded: no output ・LicenseInfoInFile: mistake ・FileCopyrightText: no output Ideal SPDX output By FOSSology 3
  • 5. FOSSology available for YP soon! Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED  We are making available to use fossdriver in meta-spdxscanner  So you can soon use FOSSology from Yocto Project fossdriver is intended to enable control of a FOSSology server from Python programs. ※ Quoted from fossdriver’s readme  Let’s use improved meta-spdxscanner and SPDX file  Please give me feedback on meta-spdxscanner and SPDX topics. You are available to use high precision SPDX file! 4
  • 6. Future Work Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. Let’s improve SPDX file precision together For maintenaince reason, we want send REST API calls FOSSology server to generate SPDX files 5

Editor's Notes

  1. 0