Kickoff meeting open
source tooling for open
source compliance work
group
© Siemens AG 2019

2019Unrestricted Oliver Fendt
Agenda
Top Name Actors
1. Introduction and expectations All
2. Vision All
3. Introduction of the existing work Oliver
4. Next steps All
5. Fixed meeting dates/times Oliver
Meeting procedings: is it ok that these meetings are recoded – for compiling the minutes for the others?

2019Unrestricted Oliver Fendt
Introduction and expectations
Who you are
Company you work for
Tasks you do
Your expectation regarding the working group
Your expectation regarding the work results

2019Unrestricted Oliver Fendt
Vision
Picture by Gerd Altmann on https//pixabay.com license: pixabay license

2019Unrestricted Oliver Fendt
Long Term Vision
OSS – Compliance processes and tools
OSS – Contribution processes and tools
Security vulnerability management
Export control and customs classification
OSS – selection process
fully integrated in the DevOps cycle.

2019Unrestricted Oliver Fendt
Integrated, automated – end to end OSS compliance
toolchain made with OSS
To build an integrated end to end compliance toolchain is not about to build a monolithic monster, it is
about to use current available Open Source tools and define and implement the needed APIs/Data
structures they need to provide, in order to plug them into the current set up CI/CD workflow and to
enable them to trigger other Open Source compliance tools in a way that they seamlessly interact which
each other and potential external data sources.
The already existing projects remain independent projects
We are making turn-key Open Source tooling for Open Source Compliance

2019Unrestricted Oliver Fendt
Big Picture – Integrated Compliance Toolchain
CI / CD Infrastructure
License &
Copyright
Scanner
Component
Analysis
Service
Compliance
artifact
consistency
Component
inventory
(Metadata
Repository)
Dependency
resolver
Source
package
downloader
Container
content
resolver
License
Obligations
Database
Policy
checker
(Compliance
Checker)
Obligation
fulfillment
Build Tools
Continous IntegrationArtifact Repository
Source Code Repo
outbound
software
&
compliance
artifacts
FOSS
Compliance
Bundle
generator
Binary
analyser
Inbound
software
Public
compliance
artifact
repos
contributions
Integration layer (API/Data) Integration layer (API/Data)
Integration layer (API/Data)
Integration layer (API/Data) Integration layer (API/Data) Integration layer (API/Data) Integration layer (API/Data)
Integration layer (API/Data) Integration layer (API/Data) Integration layer (API/Data) Integration layer (API/Data) Integration layer (API/Data)
License: CC-BY-SA-4.0

2019Unrestricted Oliver Fendt
Integrated, automated – end to end OSS compliance
toolchain made with OSS
We are making turn-key Open Source tooling for Open Source Compliance
• Identify the functional blocks required
• Identify the workflows
• Identify the required data and data flows
• Implement provide the needed APIs (as contributions)
• Provide the glue Code
• Provide easy to deploy building blocks
• Documentation
• Spread the word

2019Unrestricted Oliver Fendt
Agenda
Top Name Actors
1. Introduction and expectations All
2. Vision All
3. Introduction of the existing work Oliver
4. Next steps All
5. Fixed meeting dates/times Oliver

2019Unrestricted Oliver Fendt
UML Big Picture View
https://github.com/Open-Source-Compliance/Sharing-
creates-value/blob/master/Tooling-
Landscape/Unanimous-
Understanding/OSS_Tooling_Landscape_UML_Deploy.pl
antuml
Glossary
https://github.com/Open-Source-Compliance/Sharing-
creates-value/blob/master/Tooling-
Landscape/Unanimous-Understanding/OSS-Tooling-
Landscape-Glossary.md
Introduction of the existing work

2019Unrestricted Oliver Fendt
Introduction of the existing work
Process flows:
https://github.com/Open-Source-
Compliance/Sharing-creates-
value/tree/master/Tooling-Landscape/Unanimous-
Understanding/Process%20Flows

2019Unrestricted Oliver Fendt
Data Model:
https://github.com/Open-Source-
Compliance/Sharing-creates-
value/tree/master/Tooling-Landscape/Unanimous-
Understanding/Data%20Structures
Introduction of the existing work

2019Unrestricted Oliver Fendt
Agenda
Top Name Actors
1. Introduction and expectations All
2. Vision All
3. Introduction of the existing work Oliver
4. Next steps All
5. Fixed meeting dates/times Oliver

2019Unrestricted Oliver Fendt
Next steps
What is prio 1
What is prio 2

2019Unrestricted Oliver Fendt
Fixed meeting dates/times
Proposal:
Date: 1st and 3rd Wednesday of the month
Time: 0800 am – 0900 am CET same time as today| 0500 – 0600 pm CET
Or any other day / time except Friday
Content:
Work meeting / status meetings?

2019Unrestricted Oliver Fendt
Links / Communication
Github:
https://github.com/Open-Source-Compliance/Sharing-creates-value
Slack:
https://join.slack.com/t/ossbasedcompl-
bhx9742/shared_invite/enQtNzA5OTc3OTAwMjExLWNhYWVkZDk2Y2RlNDI4ODI2N
zQyNDU5ZWE4ODRmZWI1ZmM1MzA4ZTc2MTdkZGFhMzc2NmUyODRhNDZjNWI
5Njc
Mailing List:
Subscription page: https://groups.io/g/oss-based-compliance-tooling
Email address: oss-based-compliance-tooling@groups.io
Where to communicate what?

2019Unrestricted Oliver Fendt
Credits
Picture by Michael Schwarzenberger on https//pixabay.com license: pixabay license
Picture by OpenClipart on https//pixabay.com license: pixabay license
Picture by Pete Linforthon https//pixabay.com license: pixabay license
Picture by angiechaoticcrooks0 https//pixabay.com license: pixabay license
Picture by Gerd Altmann on https//pixabay.com license: pixabay license