January 31, 2020


Compliance Puzzle, Building an OSS Compliance Toolchain with Open Source Technologies


Talk Title: Compliance Puzzle, Building an OSS Compliance Toolchain with Open Source Technologies
Speakers: Sebastian Schuberth (Senior Expert Open Source Services, Bosch Software Innovations GmbH)
Conference: Open Source Summit + ELC Europe
Location: Lyon, France
Date: Oct 27-Nov 1, 2019

Open Source Compliance affects most development projects within an organization. Many of the activities are tedious work or require special knowledge, and are typically not favored by the teams. But help is at hand: activities can be automated in a way that keeps effort out of projects and enables back offices to efficiently process the special-knowledge activities like license evaluation. These toolchains typically identify transitive third-party dependencies in codebases, enrich found dependencies with the known compliance metadata, trigger back office tasks, run company policy checks on the acquired data, and produce the reports and legal notices defined as process outputs. The Open Source world contains lots of bits and pieces for these activities, but the art is to plug them together into a working, industry-scale toolchain. In this talk we present our approach at Bosch and its connection to the activities of communities like the Tooling Landscape Group, the TODO Group and OpenChain.
