SlideShare a Scribd company logo

OpenChain: How to manage OSS licenses for CI/CD development

Download as PPTX, PDF
Shane Coughlan
Shane Coughlan

How to manage OSS licenses for CI/CD development A pretty cool slide deck shared during an OpenChain event.

Software
1 of 11
How to manage OSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
whoami Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
Agenda Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
Simple introduction of “meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
Case Study (CI/CD development)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
Case Study (CI/CD development)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
Future work (current effort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
Finally Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED

Recommended

OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonShane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021Shane Coughlan
 
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Shane Coughlan
 
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021Shane Coughlan
 
Toyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityToyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityShane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixOsborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixShane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 

Recommended

OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonShane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021Shane Coughlan
 
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Shane Coughlan
 
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021Shane Coughlan
 
Toyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityToyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityShane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixOsborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixShane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
Open Source at Scania
Open Source at ScaniaOpen Source at Scania
Open Source at ScaniaShane Coughlan
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesShane Coughlan
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"South Tyrol Free Software Conference
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introShane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17Shane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...Shane Coughlan
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3Shane Coughlan
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageShane Coughlan
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsProtecode
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite ProjectsTiberius Forrester
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowPeter Rombouts
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Peter Rombouts
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainablePeter Rombouts
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumShane Coughlan
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...OW2
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)Shane Coughlan
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integrationMatheus Marabesi
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOpenIDFoundation
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmHARUN PEHLIVAN
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpenSourceCamp
 
How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentShane Coughlan
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Projectrossburton
 

More Related Content

What's hot

OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesShane Coughlan
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"South Tyrol Free Software Conference
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introShane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17Shane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...Shane Coughlan
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3Shane Coughlan
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageShane Coughlan
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsProtecode
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite ProjectsTiberius Forrester
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowPeter Rombouts
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Peter Rombouts
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainablePeter Rombouts
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumShane Coughlan
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...OW2
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)Shane Coughlan
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integrationMatheus Marabesi
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOpenIDFoundation
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmHARUN PEHLIVAN
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpenSourceCamp
 

What's hot (20)

Open Source at Scania
Open Source at ScaniaOpen Source at Scania
Open Source at Scania
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source Projects
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite Projects
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability Roadshow
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integration
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dm
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack Cai
 

Similar to OpenChain: How to manage OSS licenses for CI/CD development

How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentShane Coughlan
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Projectrossburton
 
TDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux EmbarcadoTDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux Embarcadotdc-globalcode
 
Why you should use the Yocto Project
Why you should use the Yocto ProjectWhy you should use the Yocto Project
Why you should use the Yocto Projectrossburton
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Mender.io
 
CNCF and Fujitsu
CNCF and FujitsuCNCF and Fujitsu
CNCF and FujitsuLF Events
 
Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBootICS
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessDavid Delabassee
 
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processorUplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processorSatya Harish
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootandrewmurraympc
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)RuggedBoardGroup
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialSamsung Open Source Group
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Yoshitake Kobayashi
 
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise GatewayStrata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise GatewayLuciano Resende
 
如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备Rex Tsai
 
LAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and StatusLAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and StatusLinaro
 
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...Anne Nicolas
 

Similar to OpenChain: How to manage OSS licenses for CI/CD development (20)

How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD Development
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Project
 
TDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux EmbarcadoTDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux Embarcado
 
Contiki OS Research Projects Guidance
Contiki OS Research Projects GuidanceContiki OS Research Projects Guidance
Contiki OS Research Projects Guidance
 
Why you should use the Yocto Project
Why you should use the Yocto ProjectWhy you should use the Yocto Project
Why you should use the Yocto Project
 
Bringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near YouBringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near You
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
 
CNCF and Fujitsu
CNCF and FujitsuCNCF and Fujitsu
CNCF and Fujitsu
 
Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - Serverless
 
UEFI presentation
UEFI presentationUEFI presentation
UEFI presentation
 
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processorUplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBoot
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
 
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise GatewayStrata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
 
如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备
 
LAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and StatusLAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and Status
 
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
 

More from Shane Coughlan

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxShane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeShane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 

Recently uploaded

Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 

Recently uploaded (20)

Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 

OpenChain: How to manage OSS licenses for CI/CD development

  • 1. How to manage OSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
  • 2. whoami Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
  • 3. Agenda Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
  • 4. Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
  • 5. Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
  • 6. Simple introduction of “meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
  • 7. Case Study (CI/CD development)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
  • 8. Case Study (CI/CD development)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
  • 9. Future work (current effort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
  • 10. Finally Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
  • 11. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED

Editor's Notes

  1. 0
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. 9