Compliance Puzzle, Building an OSS Compliance Toolchain with Open Source Technologies
Open Source Compliance affects most development projects within an organization. Many of the activities are tedious work or require special knowledge, which are typically not favored by the teams. But …
| Talk Title | Compliance Puzzle, Building an OSS Compliance Toolchain with Open Source Technologies |
| Speakers | Sebastian Schuberth (Senior Expert Open Source Services, Bosch Software Innovations GmbH) |
| Conference | Open Source Summit + ELC Europe |
| Conf Tag | |
| Location | Lyon, France |
| Date | Oct 27-Nov 1, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Open Source Compliance affects most development projects within an organization. Many of the activities are tedious work or require special knowledge, which are typically not favored by the teams. But help is at hand, activities can be automated in a way that keeps effort out of projects and enables back offices to efficiently process the special knowledge activities like license evaluation. These toolchains typically identify transitive 3rd party dependencies in codebases, enrich found dependencies with the known compliance metadata, trigger back office tasks, run company policy checks on the aquired data and produce the reports and legal notices defined as process outputs. The Open Source world contains lots of bits and pieces for these activities but the art is to plug them together to a working, industry scale toolchain. In this talk we present our approach at Bosch and its connection to the activities of communities like the Tooling Landscape Group, the TODO Group and OpenChain.
