This document outlines an automation case study that will take place from September to December 2021. It will explore graphical tools from Facebook/TNG that make open source tooling easier to use, focusing on ORT and ScanCode. Over the months, it will provide deep dives on using ORT and TERN via the tool. It will also demonstrate how these tools can work together in a supply chain and maintain SPDX integrity. The case study will conclude with a Facebook usage example and recap at Open Compliance Summit 2021.

1. Automation Case Study
September through December 2021

2. Our goal of “raising all the boats” in the
supply chain is well underway

3. Our community has expressed that easier, more
extensive automation is vital for the supply chain

4. We have explored this topic over the last two years
through our bi-weekly webinars
OpenChain Webinar #26
FOSSLight Overview and Automating Yocto with SPDX
OpenChain Webinar #20
Automation Workflows
OpenChain Webinar #17
LFX: Tools to Build and Scale Sustainable Technologies
OpenChain Webinar #11
SPDX Online Tools
OpenChain Webinar #5
Software Heritage

5. Check out all the webinars here:
https://www.openchainproject.org/webinars

6. Now it is time to bring it all together

7. We will host a multi-part case study between
September and December 2021
(Our biggest ever case study!)

8.  September 22nd
We explore a new graphical tool from Facebook/TNG to
make open source tooling easier to use.
Our real-world demo will show ORT calling ScanCode in a
clean, simple way.
We will have an interview about how the graphical interface
was designed.
 September 29th, we will have an interview about
how the tool internals was designed.
Here is what we will cover:
September

9.  October 13th, we do a deep dive on using ORT via
the tool + deep dive into ORT internals
engineering.
 October 27th, we do a deep dive on using TERN
via the tool + deep dive into TERN internals
engineering.
Here is what we will cover:
October

10.  November 10th, we do a “how this tool can work
with TERN, ORT and ScanOSS in the real-world.”
 November 24th, we do a “fake supply chain”
showing code going through multiple scanners
and maintaining SPDX Lite integrity.
Here is what we will cover:
November

11.  December 8th, Facebook Usage Case Study.
 December 16th, A recap of the whole open source
tooling eco-system at Open Compliance Summit
2021.
Here is what we will cover:
December

12. Will other automation be explored during this period?

13. Yes

14. We plan to collaborate with the maintainers of
FOSSology, FOSSLight and others to show the easiest
possible deployment and usage approaches for
supplier companies.

15. Will Software Bill of Materials be part of this?

16. Yes

17. Our community has expressed interest in Software Bill
of Materials case studies related to SPDX 2.2.1
We will explore how close the automation ecosystem is
to fully supporting ingest and export of
SPDX ISO/IEC 5962:2021 Appendix VIII: SPDX Lite
as a minimal subset of the SPDX standard.

18. Open Source Review Toolking (ORT):
https://github.com/oss-review-toolkit/ort
Important Links
ScanCode:
https://github.com/nexB/scancode-toolkit
TERN:
https://github.com/tern-tools/tern

19. FOSSology:
https://www.fossology.org/
Important Links
FOSSLight:
https://fosslight.org/
SPDX Tools:
https://github.com/spdx/tools

20. SPDX:
https://spdx.github.io/spdx-spec/
Important Links
SPDX (ISO Page):
https://www.iso.org/standard/81870.html
SPDX Lite:
https://spdx.github.io/spdx-spec/appendix-VIII-SPDX-Lite/

21. The Facebook / TNG tool will be revealed on
September 15th 2021

22. Questions?