Shane Coughlan, profile picture
Uploaded byShane Coughlan
PPTX, PDF435 views

OpenChain: How to manage OSS licenses for CI/CD development

The document discusses the management of open source software (OSS) licenses in CI/CD development, highlighting the importance of SPDX for centralizing OSS information and compliance with OpenChain. It introduces the 'meta-spdxscanner' tool designed to streamline license scanning and improve performance by reusing previous scan results. The document also outlines future efforts to automate SPDX file imports and optimize the scanning process for efficiency.

Software
Related topics:
Supply Chain Insights CI/CD

Embed presentation

Download to read offline
How to manage OSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
whoami Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
Agenda Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
Why SPDX is needed? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
Simple introduction of “meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
Case Study (CI/CD development)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
Case Study (CI/CD development)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
Future work (current effort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
Finally Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED

More Related Content

PPTX
OpenChain Automotive Work Group Meeting #2 - Lyon
byShane Coughlan
 
PDF
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
PDF
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
byShane Coughlan
 
PDF
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
byShane Coughlan
 
PPTX
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
PDF
Toyota and Strategic Collaboration with the Community
byShane Coughlan
 
PDF
Osborne Clarke - OpenChain - FOSSmatrix
byShane Coughlan
 
PPTX
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
byShane Coughlan
 
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...
byShane Coughlan
 
Using SW360 for OSS Compliance Management Process - A Toshiba Case Study for ...
byShane Coughlan
 
OpenChain Automation Case Study - September to December 2021
byShane Coughlan
 
Toyota and Strategic Collaboration with the Community
byShane Coughlan
 
Osborne Clarke - OpenChain - FOSSmatrix
byShane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 

What's hot

PPTX
Open Source at Scania
byShane Coughlan
 
PDF
OpenChain Continual Improvement Case Studies
byShane Coughlan
 
PDF
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
bySouth Tyrol Free Software Conference
 
PPTX
OpenChain Webinar #11 - cii-bp-badge-intro
byShane Coughlan
 
PPTX
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
byShane Coughlan
 
PDF
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
byShane Coughlan
 
PDF
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
byShane Coughlan
 
PPTX
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
byShane Coughlan
 
PPTX
Licensing in Composite Open Source Projects
byProtecode
 
PPTX
Licensing in Composite Projects
byTiberius Forrester
 
PDF
Sogeti Software Maintainability Roadshow
byPeter Rombouts
 
PPTX
Maintainability Sogeti Qx Day 2020
byPeter Rombouts
 
PPTX
Sogeti Java Meetup - How to ensure your code is maintainable
byPeter Rombouts
 
PDF
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
byShane Coughlan
 
PDF
Software Heritage, a revolutionary infrastructure for software source code, O...
byOW2
 
PPTX
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
byShane Coughlan
 
PDF
From legacy code to continuous integration
byMatheus Marabesi
 
PDF
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
byOpenIDFoundation
 
PDF
Ndg linux unhatched 0920 dm
byHP IT GROUP (TEBIM TEBITAGEM) TTGRT HP E-TİCARET
 
PDF
Open Source In Enterprises Apache2009 Beijing Jack Cai
byOpenSourceCamp
 
Open Source at Scania
byShane Coughlan
 
OpenChain Continual Improvement Case Studies
byShane Coughlan
 
SFScon17 - Alessandro Narduzzo: " Organizing New Venture For A Dominant Design"
bySouth Tyrol Free Software Conference
 
OpenChain Webinar #11 - cii-bp-badge-intro
byShane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
byShane Coughlan
 
OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...
byShane Coughlan
 
OpenChain Japan Work Group Meeting #16 - Remote Meeting #3
byShane Coughlan
 
OpenChain Japan Work Group Meeting #18 (Virtual Meeting #5) - Keynote Message
byShane Coughlan
 
Licensing in Composite Open Source Projects
byProtecode
 
Licensing in Composite Projects
byTiberius Forrester
 
Sogeti Software Maintainability Roadshow
byPeter Rombouts
 
Maintainability Sogeti Qx Day 2020
byPeter Rombouts
 
Sogeti Java Meetup - How to ensure your code is maintainable
byPeter Rombouts
 
Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum
byShane Coughlan
 
Software Heritage, a revolutionary infrastructure for software source code, O...
byOW2
 
OpenChain & OpenUK Future Leaders Group Presentation (Reduced)
byShane Coughlan
 
From legacy code to continuous integration
byMatheus Marabesi
 
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group Update
byOpenIDFoundation
 
Ndg linux unhatched 0920 dm
byHP IT GROUP (TEBIM TEBITAGEM) TTGRT HP E-TİCARET
 
Open Source In Enterprises Apache2009 Beijing Jack Cai
byOpenSourceCamp
 

Similar to OpenChain: How to manage OSS licenses for CI/CD development

PPTX
How to Manage OSS Licenses in CI/CD Development
byShane Coughlan
 
PPTX
Improvements in meta spdxscanner through FOSSology - Ueba San
byShane Coughlan
 
PPTX
Open Source License Compliance with AGL
byPaul Barker
 
PPTX
OpenChain, SPDX and FOSSology
byShane Coughlan
 
PPTX
Android for the Enterprise and OEMs
byBlack Duck by Synopsys
 
PPTX
License compliance in embedded linux with the yocto project
byPaul Barker
 
PPTX
How Teradata uses Stacki
byStackIQ
 
PDF
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
byThe Linux Foundation
 
PDF
Yocto Project - OSCON 7-17-2012
byJeffrey Osier-Mixon
 
KEY
Tycho - Building plug-ins with Maven
byPascal Rapicault
 
PDF
OWF14 - Open Source & Software Supply Chain
byParis Open Source Summit
 
PDF
Open source software governance with DejaCode
bynexB Inc.
 
PPTX
Yocto Project introduction
byYi-Hsiu Hsu
 
PPTX
Eclipse IDE Yocto Plugin
bycudma
 
PPTX
Software update for embedded systems
bySZ Lin
 
PDF
Automating License Identification with SPDX-Tool in Ada
byStephane Carrez
 
PPTX
About SPDX Lite - Japanese Deployment Initiative via OpenChain Japan Work Group
byShane Coughlan
 
PDF
Openstack ap summit
byOpenCity Community
 
PDF
Pwx 90 cdc_guide_for_luw
byMiguelAngel De Paz González
 
PDF
Yocto Project Linux as a platform for embedded system design
byAlex Gonzalez
 
How to Manage OSS Licenses in CI/CD Development
byShane Coughlan
 
Improvements in meta spdxscanner through FOSSology - Ueba San
byShane Coughlan
 
Open Source License Compliance with AGL
byPaul Barker
 
OpenChain, SPDX and FOSSology
byShane Coughlan
 
Android for the Enterprise and OEMs
byBlack Duck by Synopsys
 
License compliance in embedded linux with the yocto project
byPaul Barker
 
How Teradata uses Stacki
byStackIQ
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
byThe Linux Foundation
 
Yocto Project - OSCON 7-17-2012
byJeffrey Osier-Mixon
 
Tycho - Building plug-ins with Maven
byPascal Rapicault
 
OWF14 - Open Source & Software Supply Chain
byParis Open Source Summit
 
Open source software governance with DejaCode
bynexB Inc.
 
Yocto Project introduction
byYi-Hsiu Hsu
 
Eclipse IDE Yocto Plugin
bycudma
 
Software update for embedded systems
bySZ Lin
 
Automating License Identification with SPDX-Tool in Ada
byStephane Carrez
 
About SPDX Lite - Japanese Deployment Initiative via OpenChain Japan Work Group
byShane Coughlan
 
Openstack ap summit
byOpenCity Community
 
Pwx 90 cdc_guide_for_luw
byMiguelAngel De Paz González
 
Yocto Project Linux as a platform for embedded system design
byAlex Gonzalez
 

More from Shane Coughlan

PPTX
OpenChain presentation at LF Legal Summit 2025
byShane Coughlan
 
PPTX
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
PPTX
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
PPTX
A Panel on Containers and Compliance Hosted by Chris Wood, OpenChain Specifi...
byShane Coughlan
 
PDF
EU Regulation and the FOSS Ecosystem - Ciarán OʼRiordan
byShane Coughlan
 
PDF
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
PPTX
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
PDF
Introduction to the European Union Cyber Resilience Act (CRA)
byShane Coughlan
 
PDF
SBOM Document Quality Guide - OpenChain SBOM Study Group
byShane Coughlan
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
PPTX
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
byShane Coughlan
 
PDF
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
byShane Coughlan
 
PPTX
OpenChain Korea Work Group Meeting - 2025-06-16
byShane Coughlan
 
PPTX
OpenChain Tooling Work Group - 2025-07-02
byShane Coughlan
 
PPTX
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
byShane Coughlan
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
byShane Coughlan
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
PDF
Open Chain Q2 Steering Committee Meeting - 2025-06-25
byShane Coughlan
 
PDF
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
byShane Coughlan
 
PPTX
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
byShane Coughlan
 
OpenChain presentation at LF Legal Summit 2025
byShane Coughlan
 
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
A Panel on Containers and Compliance Hosted by Chris Wood, OpenChain Specifi...
byShane Coughlan
 
EU Regulation and the FOSS Ecosystem - Ciarán OʼRiordan
byShane Coughlan
 
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
Introduction to the European Union Cyber Resilience Act (CRA)
byShane Coughlan
 
SBOM Document Quality Guide - OpenChain SBOM Study Group
byShane Coughlan
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
byShane Coughlan
 
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
byShane Coughlan
 
OpenChain Korea Work Group Meeting - 2025-06-16
byShane Coughlan
 
OpenChain Tooling Work Group - 2025-07-02
byShane Coughlan
 
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
byShane Coughlan
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
byShane Coughlan
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
Open Chain Q2 Steering Committee Meeting - 2025-06-25
byShane Coughlan
 
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
byShane Coughlan
 
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
byShane Coughlan
 

Recently uploaded

PDF
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
PDF
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PPTX
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PDF
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
PPT
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PDF
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
PPTX
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PDF
SecureChain AI (SCAI) Token – Smart Contract Security Audit Report by EtherAu...
byEtherAuthority
 
PDF
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
PPTX
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
PDF
Digitizing Banquet Management_ Why It Matters for Modern Hotels.pdf
byHotelogix
 
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
GDS Integration Solution | GDS Integration Service
byyugababu033
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
SecureChain AI (SCAI) Token – Smart Contract Security Audit Report by EtherAu...
byEtherAuthority
 
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
Digitizing Banquet Management_ Why It Matters for Modern Hotels.pdf
byHotelogix
 

OpenChain: How to manage OSS licenses for CI/CD development

  • 1.
    How to manageOSS licenses for CI/CD development Takuma Ueba Fujitsu Computer Technologies Limited Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 1553ka1
  • 2.
    whoami Copyright 2019 FUJITSUCOMPUTER TECHNOLOGIES LIMITED I have contributed to the following communities  Linux kernel  U-Boot  Yocto Project Developer of In-house Embedded Linux Distribution for Fujitsu Our Distribution is built with Yocto Project My team-member is maintainer of meta-spdxscanner(Lei Maohui) and dnf-plugin-tui(Zheng Ruoqin) Our Distribution is used for 80+ products  IVI  Server System Controller  Storage System  Network equipment etc.. Mainly platform community 1
  • 3.
    Agenda Copyright 2019 FUJITSUCOMPUTER TECHNOLOGIES LIMITED Why SPDX is needed? Simple introduction of “meta-spdxscanner” Case Study (CI/CD development) Future Work (Current effort) Finally The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. 2
  • 4.
    Why SPDX isneeded? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Difficult to manage OSS information in various formats product vendor SPDX OSS package information lack of information list delivery software A software B software C delivery delivery Company A Company B Company C supplier Missing OSS License Information!? 3
  • 5.
    Why SPDX isneeded? Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED Extracting all license and copyright information Centralized format of package information for easier management delivery software A software B software C delivery delivery Company A Company B Company C SPDX OSS package information SPDX SPDX Software Package Data eXchange ® Standard format for communicating licenses, copyrights, etc. concerning software packages SPDX is an efficient method to comply with OpenChain. 4
  • 6.
    Simple introduction of“meta-spdxscanner” Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-……  OSS source code ・default output: SPDX files (considering OpenChain) ・currently use fossology as a license scanner (but considering change to scancode-toolkit.) ・support for SPDX “Modification” field Yocto Project is embedded linux distribution build environment and De facto standard in WW. (e.g. Automotive Grade Linux (AGL), SoC vendor BSP … built with YP) do_fetch do_spdx do_package・・・do_unpack Yocto Build process 5
  • 7.
    Case Study (CI/CDdevelopment)  If integration (CI) is performed, new OSS and license will be added, so it is necessary to clarify the license to deliver.  In CI/CD development, reducing scan time is an theme. e.g. In Weekly Deploy environment, If it takes several hours, it does not fit the development cycle. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED scan time delivery delivery scan time delivery delivery scan scan delivery delivery time integration integration scan integration integrationscan integration integration 6
  • 8.
    Case Study (CI/CDdevelopment)  “meta-spdxscanner” improved performance by reusing previous scan results. Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED 0 50 100 150 200 250 ntp busybox openssl openssh Spendtime(seconds) OSS first reuse 7
  • 9.
    Future work (currenteffort)  Automatically import spdx files from Yocto build process to SW360 (OSS management tool). Copyright 2019 FUJITSU COMPUTER TECHNOLOGIES LIMITED meta-spdxscanner License scanner  Scan only files with differences. (Currently, If there are differences in the source file, the entire file is rescanned.) Automation Easier license-clearing! Output only differences to spdx 8
  • 10.
    Finally Copyright 2019 FUJITSUCOMPUTER TECHNOLOGIES LIMITED I'd appreciate it if you could give me feedback using meta-spdxscanner. github URL: https://github.com/dl9pf/meta-spdxscanner If you want to know more about meta-spdxscanner, please ask me. 9
  • 11.
    Copyright 2019 FUJITSUCOMPUTER TECHNOLOGIES LIMITED

Editor's Notes