January 12, 2020

OSS Review Toolkit: Using FOSS Tools for FOSS Reviews in CI/CD World


Talk Title: OSS Review Toolkit: Using FOSS Tools for FOSS Reviews in CI/CD World
Speakers: Thomas Steenbergen (Head of Open Source, HERE Technologies)
Conference: Open Source Summit + ELC Europe
Location: Lyon, France
Date: Oct 27-Nov 1, 2019
URL: Talk Page
Slides: Talk Slides

In an ideal world, a FOSS review is highly automated and done often and early so that any FOSS issues - whether technical, licenses or security - can be caught and resolved as they appear. However, despite many proprietary tools existing, the OSS community has been without review tooling that is compatible with modern SW development practices like using package managers, continuous integration and continuous delivery (CI/CD). Without this review capability, FOSS projects often are released without clear metadata, resulting in reduced adoption and contribution numbers, rendering the projects less successful. In this talk, we demonstrate the latest version of OSS Review Toolkit (ORT) which enables highly automated OSS reviews within CI/CD by combining FOSS dependency and scanning tools like ScanCode with ClearlyDefined, a platform to discover, curate and share FOSS component metadata.
