Download as PDF, PPTX
Uploaded byShane Coughlan
Automating OSS Compliance with Open Source & Open Data
This document discusses automating open source (OS) compliance. It describes how open source management (OSM) systems identify all OS components used, track obligations, and ensure obligations are met. The document outlines key elements of a generic OSM system including obligation identification, fulfillment tracking, and metadata storage. It promotes collaborating across companies to establish professional OSM, share best practices to increase maturity, and automate compliance processes for continuous delivery. Automating OSM could simplify supply chain management and open new business opportunities in open source services.
More Related Content
Similar to Automating OSS Compliance with Open Source & Open Data
Automating OSS Compliance with Open Source & Open Data
- 1. AUTOMATING OSS COMPLIANCE WITH OPENSOURCE & OPEN DATA Dr. Steffen Evers Steffen.evers@bosch-si.com Director Open Source Services Bosch Software Innovations
- 2. ROLE OF OSM (OPENSOURCE MANAGEMENT)
- 3. End-to-end compliance Bosch SoftwareInnovations GmbH | INST/QMM | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 3 Introduction Compliance management is a set of actions that manages OSS components used in products. Companies may have similar processes in place for proprietary components. FOSS components are called "Supplied Software" in the OpenChain specification. Such actions often include: Identifying all the FOSS components used in Supplied Software Identifying and tracking all obligations created by those components Ensuring that all obligations have been or will be met Small companies may use a simple checklist and enterprises a detailed process. Incoming FOSS FOSS identified; Obligations metCompliance Process
- 4. FOSS Bundle Generic Open SourceManagement System Bosch Software Innovations GmbH | INST/QMM | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 4 Key elements Obligation FulfillmentObligation Identification Software Build What components? What licenses? What obligations? What necessary measures?Source Code Repository Artifact Repository Software Metadata Licenses Metadata Software Release Open Source Code Archive Guidance
- 5. Open Chain Bosch SoftwareInnovations GmbH | INST/QMM | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 5 Value the work of the open source communities by establishing and maintaining a professional Open Source Management Share good practices with suppliers and partners Spread the good practices to increase the overall OSM-maturity in the business Continuous delivery needs automated processes! Basic OSM-maturity through the supply chain
- 6.
- 7. New state ofthe art method Bosch Software Innovations GmbH | INST/MKC | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 7 Release-based Open Source Management Component-based Open Source Management Precondition for collaboration
- 8. SW360 Development Identification Collecting Data Legal / risk review GenericOpen Source Management Bosch Software Innovations GmbH | INST/MKC | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 8 Process Open Metadatabase Complete metadata optional step optional step Obligation fulfilment optional step Deployment / Release mandatory
- 9. Alignment efforts acrossthe industry Bosch Software Innovations GmbH | INST/MKC | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 9 Collaborative projects Processes Source Code Data Standards Tooling Development Integration SW360 Antenna ORT Boschparticipationcurrentlyunderinvestigation
- 10. Open Source Managementcollaboration Bosch Software Innovations GmbH | INST/ECS7 | 10/17/2017 © Bosch Software Innovations GmbH 2017. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution as well as in the event of applications for industrial property rights. 10 Starting points Share data Integrate tools Simplify supply chain Open up business opportunities High quality OSM as unique selling point Offer Open Source Services to external customers e.g. SW360, Fossology Aligning OSM processes Component metadata SW360