2. Our goal of “raising all the boats” in the
supply chain is well underway
3. Our community has expressed that easier, more
extensive automation is vital for the supply chain
4. We have explored this topic over the last two years
through our bi-weekly webinars
OpenChain Webinar #26
FOSSLight Overview and Automating Yocto with SPDX
OpenChain Webinar #20
Automation Workflows
OpenChain Webinar #17
LFX: Tools to Build and Scale Sustainable Technologies
OpenChain Webinar #11
SPDX Online Tools
OpenChain Webinar #5
Software Heritage
5. Check out all the webinars here:
https://www.openchainproject.org/webinars
7. We will host a multi-part case study between
September and December 2021
(Our biggest ever case study!)
8. September 22nd
We explore a new graphical tool from Facebook/TNG to
make open source tooling easier to use.
Our real-world demo will show ORT calling ScanCode in a
clean, simple way.
We will have an interview about how the graphical interface
was designed.
September 29th, we will have an interview about
how the tool internals was designed.
Here is what we will cover:
September
9. October 13th, we do a deep dive on using ORT via
the tool + deep dive into ORT internals
engineering.
October 27th, we do a deep dive on using TERN
via the tool + deep dive into TERN internals
engineering.
Here is what we will cover:
October
10. November 10th, we do a “how this tool can work
with TERN, ORT and ScanOSS in the real-world.”
November 24th, we do a “fake supply chain”
showing code going through multiple scanners
and maintaining SPDX Lite integrity.
Here is what we will cover:
November
11. December 8th, Facebook Usage Case Study.
December 16th, A recap of the whole open source
tooling eco-system at Open Compliance Summit
2021.
Here is what we will cover:
December
14. We plan to collaborate with the maintainers of
FOSSology, FOSSLight and others to show the easiest
possible deployment and usage approaches for
supplier companies.
17. Our community has expressed interest in Software Bill
of Materials case studies related to SPDX 2.2.1
We will explore how close the automation ecosystem is
to fully supporting ingest and export of
SPDX ISO/IEC 5962:2021 Appendix VIII: SPDX Lite
as a minimal subset of the SPDX standard.
18. Open Source Review Toolking (ORT):
https://github.com/oss-review-toolkit/ort
Important Links
ScanCode:
https://github.com/nexB/scancode-toolkit
TERN:
https://github.com/tern-tools/tern