SlideShare a Scribd company logo

OpenChain: How to manage OSS licenses for CI/CD development

Download as PPTX, PDF
Shane Coughlan
Shane Coughlan

How to manage OSS licenses for CI/CD development A pretty cool slide deck shared during an OpenChain event.

Software
1 of 11
How to manage OSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
whoami Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
Agenda Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
Simple introduction of “meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
Case Study (CI/CD development)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
Case Study (CI/CD development)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
Future work (current effort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
Finally Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED

Recommended

OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021
Shane Coughlan
 
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Shane Coughlan
 
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021
Shane Coughlan
 
Toyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityToyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the Community
Shane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixOsborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrix
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 

Recommended

OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021
Shane Coughlan
 
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
Shane Coughlan
 
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
Shane Coughlan
 
OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021OpenChain Automation Case Study - September to December 2021
OpenChain Automation Case Study - September to December 2021
Shane Coughlan
 
Toyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the CommunityToyota and Strategic Collaboration with the Community
Toyota and Strategic Collaboration with the Community
Shane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrixOsborne Clarke - OpenChain - FOSSmatrix
Osborne Clarke - OpenChain - FOSSmatrix
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
Open Source at Scania
Open Source at ScaniaOpen Source at Scania
Open Source at Scania
Shane Coughlan
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
Shane Coughlan
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
South Tyrol Free Software Conference
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
Shane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
Shane Coughlan
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
Shane Coughlan
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
Shane Coughlan
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source Projects
Protecode
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite Projects
Tiberius Forrester
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability Roadshow
Peter Rombouts
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020
Peter Rombouts
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
Peter Rombouts
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Shane Coughlan
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...
OW2
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
Shane Coughlan
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integration
Matheus Marabesi
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OpenIDFoundation
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dm
HARUN PEHLIVAN
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpenSourceCamp
 
How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD Development
Shane Coughlan
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Project
rossburton
 

More Related Content

What's hot

Open Source at Scania
Open Source at ScaniaOpen Source at Scania
Open Source at Scania
Shane Coughlan
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
Shane Coughlan
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
South Tyrol Free Software Conference
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
Shane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
Shane Coughlan
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
Shane Coughlan
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
Shane Coughlan
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source Projects
Protecode
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite Projects
Tiberius Forrester
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability Roadshow
Peter Rombouts
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020
Peter Rombouts
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
Peter Rombouts
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Shane Coughlan
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...
OW2
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
Shane Coughlan
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integration
Matheus Marabesi
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OpenIDFoundation
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dm
HARUN PEHLIVAN
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpenSourceCamp
 

What's hot (20)

Open Source at Scania
Open Source at ScaniaOpen Source at Scania
Open Source at Scania
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote MessageOpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
 
Licensing in Composite Open Source Projects
Licensing in Composite Open Source ProjectsLicensing in Composite Open Source Projects
Licensing in Composite Open Source Projects
 
Licensing in Composite Projects
Licensing in Composite ProjectsLicensing in Composite Projects
Licensing in Composite Projects
 
Sogeti Software Maintainability Roadshow
Sogeti Software Maintainability RoadshowSogeti Software Maintainability Roadshow
Sogeti Software Maintainability Roadshow
 
Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020Maintainability Sogeti Qx Day 2020
Maintainability Sogeti Qx Day 2020
 
Sogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainableSogeti Java Meetup - How to ensure your code is maintainable
Sogeti Java Meetup - How to ensure your code is maintainable
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain CurriculumGiving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
 
Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...Software Heritage, a revolutionary infrastructure for software source code, O...
Software Heritage, a revolutionary infrastructure for software source code, O...
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
 
From legacy code to continuous integration
From legacy code to continuous integrationFrom legacy code to continuous integration
From legacy code to continuous integration
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
 
Ndg linux unhatched 0920 dm
Ndg linux unhatched 0920 dmNdg linux unhatched 0920 dm
Ndg linux unhatched 0920 dm
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack CaiOpen Source In Enterprises Apache2009 Beijing Jack Cai
Open Source In Enterprises Apache2009 Beijing Jack Cai
 

Similar to OpenChain: How to manage OSS licenses for CI/CD development

How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD Development
Shane Coughlan
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Project
rossburton
 
TDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux EmbarcadoTDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux Embarcado
tdc-globalcode
 
Contiki OS Research Projects Guidance
Contiki OS Research Projects GuidanceContiki OS Research Projects Guidance
Contiki OS Research Projects Guidance
Network Simulation Tools
 
Why you should use the Yocto Project
Why you should use the Yocto ProjectWhy you should use the Yocto Project
Why you should use the Yocto Project
rossburton
 
Bringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near YouBringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near You
Samsung Open Source Group
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
Mender.io
 
CNCF and Fujitsu
CNCF and FujitsuCNCF and Fujitsu
CNCF and Fujitsu
LF Events
 
Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot
ICS
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - Serverless
David Delabassee
 
UEFI presentation
UEFI presentationUEFI presentation
UEFI presentation
Bruno Cornec
 
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processorUplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
Satya Harish
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBoot
andrewmurraympc
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)
RuggedBoardGroup
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
Samsung Open Source Group
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Yoshitake Kobayashi
 
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise GatewayStrata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
Luciano Resende
 
如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备
Rex Tsai
 
LAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and StatusLAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and Status
Linaro
 
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Anne Nicolas
 

Similar to OpenChain: How to manage OSS licenses for CI/CD development (20)

How to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD DevelopmentHow to Manage OSS Licenses in CI/CD Development
How to Manage OSS Licenses in CI/CD Development
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Project
 
TDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux EmbarcadoTDC2016SP - Trilha Linux Embarcado
TDC2016SP - Trilha Linux Embarcado
 
Contiki OS Research Projects Guidance
Contiki OS Research Projects GuidanceContiki OS Research Projects Guidance
Contiki OS Research Projects Guidance
 
Why you should use the Yocto Project
Why you should use the Yocto ProjectWhy you should use the Yocto Project
Why you should use the Yocto Project
 
Bringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near YouBringing Tizen to a Raspberry Pi 2 Near You
Bringing Tizen to a Raspberry Pi 2 Near You
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
 
CNCF and Fujitsu
CNCF and FujitsuCNCF and Fujitsu
CNCF and Fujitsu
 
Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot Improving User Experience with Ubiquitous QuickBoot
Improving User Experience with Ubiquitous QuickBoot
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - Serverless
 
UEFI presentation
UEFI presentationUEFI presentation
UEFI presentation
 
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processorUplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
UplinQ - ubuntu linux on the qualcomm® snapdragon™ 600 processor
 
TI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBootTI TechDays 2010: swiftBoot
TI TechDays 2010: swiftBoot
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
 
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise GatewayStrata - Scaling Jupyter with Jupyter Enterprise Gateway
Strata - Scaling Jupyter with Jupyter Enterprise Gateway
 
如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备如何在 Ubuntu 上更快、更便捷地部署物联网设备
如何在 Ubuntu 上更快、更便捷地部署物联网设备
 
LAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and StatusLAS16-200: Firmware summit - Tianocore Progress and Status
LAS16-200: Firmware summit - Tianocore Progress and Status
 
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
Kernel Recipes 2017 - Developing an embedded video application on dual Linux ...
 

More from Shane Coughlan

openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
Shane Coughlan
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
Shane Coughlan
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Shane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
Shane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
Shane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
Shane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 

More from Shane Coughlan (20)

openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 

Recently uploaded

Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
QuickwayInfoSystems3
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 

Recently uploaded (20)

Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 

OpenChain: How to manage OSS licenses for CI/CD development

  • 1. How to manage OSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
  • 2. whoami Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
  • 3. Agenda Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
  • 4. Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
  • 5. Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
  • 6. Simple introduction of “meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
  • 7. Case Study (CI/CD development)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
  • 8. Case Study (CI/CD development)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
  • 9. Future work (current effort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
  • 10. Finally Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
  • 11. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED

Editor's Notes

  1. 0
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. 9