SlideShare a Scribd company logo

Tracking license compliance made easy - intro to Grant (OSS)

Anchore
Anchore

Understanding associated software licenses is non-negotiable before delivering application software to customers. However, tracking and managing the manifest of licenses associated with your application and associated dependencies is a time consuming,challenging and a never ending process. Grant is our latest open source tool aiding teams in tackling this complex license management problem. Grant allows users to list and examine existing licenses, using SBOMs generated from source code repositories or application container images. Users generate a report showing their compliance with a set policy without having to manually comb through licenses one by one. Dev teams assert and establish the license presence in the application, ship faster, and eliminate non compliant packages earlier. In this webinar, Dan Nurmi, Anchore CTO, and Christopher Phillips, Senior Software Engineer, will: Provide an overview of the software license landscape today Explain why license checks are so cumbersome and Give a Live demo how Grant improves and simplifies license check, And automates the process of generating license reports. www.anchore.com

Technology
1 of 27
Tracking License Compliance Made Easy - Intro to Grant (OSS) Christopher Phillips Software Engineer Anchore Daniel Nurmi CTO Anchore
Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
Anchore | Software Supply Chain Management Anchore | Software Supply Chain Management Securing your software supply chain with a frictionless developer experience that optimizes velocity Your DevOps Process Run Deploy Test Build Develop Source
Agenda Introductions 01 02 Open Source License Headaches 03 Automating License Lists and their Component Associations 04 Q&A
Consumers Need More Than Your Product
That Thing…
This is a good problem to have Usually only have to do when you’ve gained a customer, however…
Go From This
To This
To This v1.0 v2.0
To This v3.0 v1.0 v2.0
To This v2.0.1 v1.0 v2.0 v3.0
This seems more complicated than it should be… v2.0.1 v1.0 v2.0 v3.0
Challenges when manually building that sheet ● Often lots of repeatable work that’s hard to persist over changes ● Better for machines to recognize the actual license ID ● Context of the reviewer on if licenses should be accepted as is or if SPDX the statement has wiggle room
Challenges when building bespoke specialized tooling ● Works for only certain images and hard when application requirements change ● Scaling into different processes is hard and requires more development time ● Always switching contexts between delivering for the customer and delivering compliance and process
How do we move towards a generalized SBOM path?
Introducing Grant!
Combining Tools for Best Results
Remove Developers From The Interruption Path
Github Actions Workflow -
SBOM -> Licenses -
Single Dispatch
Single Click - Packages and Licenses -
Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
Next Steps Get started with Grant today and contribute https://github.com/anchore/grant Join our community Slack https://get.anchore.com/join-anchore-community/ Next community meeting https://github.com/anchore/syft?tab=readme-ov-file#join- our-community-meetings Learn more about Anchore Enterprise https://anchore.com/platform
Thank you for joining! Schedule a demo of our platform at get.anchore.com/demo-request

Recommended

Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerAnchore
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 
DevOps: Age Of CI/CD
DevOps: Age Of CI/CDDevOps: Age Of CI/CD
DevOps: Age Of CI/CDMoogleLabs default
 
Application Lifecycle Management
Application Lifecycle ManagementApplication Lifecycle Management
Application Lifecycle ManagementAmazon Web Services
 
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesGetting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesAmazon Web Services
 

Recommended

Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerAnchore
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 
DevOps: Age Of CI/CD
DevOps: Age Of CI/CDDevOps: Age Of CI/CD
DevOps: Age Of CI/CDMoogleLabs default
 
Application Lifecycle Management
Application Lifecycle ManagementApplication Lifecycle Management
Application Lifecycle ManagementAmazon Web Services
 
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesGetting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesAmazon Web Services
 
Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsMohamed Samy
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationCompuware
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsAnant Corporation
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDaniel Berg
 
DevOps Delivery Pipeline
DevOps Delivery PipelineDevOps Delivery Pipeline
DevOps Delivery PipelineDenis Korchuganov
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guideKaty Slemon
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Emerasoft, solutions to collaborate
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastXebiaLabs
 
Webinar : Microservices and Containerization
Webinar : Microservices and ContainerizationWebinar : Microservices and Containerization
Webinar : Microservices and ContainerizationNewt Global Consulting LLC
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsIBM UrbanCode Products
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingAndrea Tino
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...WSO2
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...Siva Rama Krishna Chunduru
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]New Relic
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020Cyber-Duck
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

More Related Content

Similar to Tracking license compliance made easy - intro to Grant (OSS)

Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsMohamed Samy
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationCompuware
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsAnant Corporation
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDaniel Berg
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guideKaty Slemon
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Emerasoft, solutions to collaborate
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastXebiaLabs
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsIBM UrbanCode Products
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingAndrea Tino
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...WSO2
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...Siva Rama Krishna Chunduru
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]New Relic
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020Cyber-Duck
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 

Similar to Tracking license compliance made easy - intro to Grant (OSS) (20)

Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using Vsts
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast Presentation
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps Fundamentals
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_final
 
DevOps Delivery Pipeline
DevOps Delivery PipelineDevOps Delivery Pipeline
DevOps Delivery Pipeline
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guide
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the Past
 
Webinar : Microservices and Containerization
Webinar : Microservices and ContainerizationWebinar : Microservices and Containerization
Webinar : Microservices and Containerization
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 

Recently uploaded

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Tracking license compliance made easy - intro to Grant (OSS)

  • 1. Tracking License Compliance Made Easy - Intro to Grant (OSS) Christopher Phillips Software Engineer Anchore Daniel Nurmi CTO Anchore
  • 2. Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
  • 3. Anchore | Software Supply Chain Management Anchore | Software Supply Chain Management Securing your software supply chain with a frictionless developer experience that optimizes velocity Your DevOps Process Run Deploy Test Build Develop Source
  • 4. Agenda Introductions 01 02 Open Source License Headaches 03 Automating License Lists and their Component Associations 04 Q&A
  • 5. Consumers Need More Than Your Product
  • 7. This is a good problem to have Usually only have to do when you’ve gained a customer, however…
  • 13. This seems more complicated than it should be… v2.0.1 v1.0 v2.0 v3.0
  • 14. Challenges when manually building that sheet ● Often lots of repeatable work that’s hard to persist over changes ● Better for machines to recognize the actual license ID ● Context of the reviewer on if licenses should be accepted as is or if SPDX the statement has wiggle room
  • 15. Challenges when building bespoke specialized tooling ● Works for only certain images and hard when application requirements change ● Scaling into different processes is hard and requires more development time ● Always switching contexts between delivering for the customer and delivering compliance and process
  • 16. How do we move towards a generalized SBOM path?
  • 18. Combining Tools for Best Results
  • 19. Remove Developers From The Interruption Path
  • 23. Single Click - Packages and Licenses -
  • 24. Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
  • 25. Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
  • 26. Next Steps Get started with Grant today and contribute https://github.com/anchore/grant Join our community Slack https://get.anchore.com/join-anchore-community/ Next community meeting https://github.com/anchore/syft?tab=readme-ov-file#join- our-community-meetings Learn more about Anchore Enterprise https://anchore.com/platform
  • 27. Thank you for joining! Schedule a demo of our platform at get.anchore.com/demo-request