OSS Review Toolkit: Automating FOSS Reviews within CI/CD
Talk Title | OSS Review Toolkit: Automating FOSS Reviews within CI/CD |
Speakers | Thomas Steenbergen (Head of Open Source, HERE Technologies) |
Conference | Open Source Summit North America |
Location | Vancouver, BC, Canada |
Date | Aug 27-31, 2018 |
In an ideal world, a FOSS review is highly automated and done often and early, so that any FOSS issues - whether technical, licensing or security - can be caught and resolved as they appear. The OSS community currently lacks review tooling that is compatible with modern software development practices such as package managers, continuous integration and continuous delivery (CI/CD). Without this review capability, FOSS projects are often released without clear metadata, resulting in reduced adoption and fewer contributions, thereby making the projects less successful. In this talk, Thomas presents and demonstrates OSS Review Toolkit (ORT), which enables highly automated FOSS reviews within CI/CD by combining existing FOSS dependency and scanning tools with ClearlyDefined, a platform to discover, curate and share FOSS component metadata. See also https://github.com/heremaps/oss-review-toolkit