Workshop: Hands On FOSSology, SW360 and SPDX
| Talk Title | Workshop: Hands On FOSSology, SW360 and SPDX |
| Speakers | Michael C. Jaeger (Project Lead, Siemens AG) |
| Conference | Open Source Summit + ELC North America |
| Location | San Diego, CA, USA |
| Date | Aug 19-23, 2019 |
FOSSology and SW360 are both software projects in the area of OSS license compliance. FOSSology can run license, copyright and export control scans and has a Web user interface providing a compliance workflow. SW360 allows organizations to maintain a component inventory, the software bill-of-material (S-BOM). SW360 generates license compliance documentation for all involved (OSS) components of a product. It also enables other use cases in the area of vulnerability management or export control. SPDX is a specification for exchanging license compliance (and more) information about software deliveries.

This tutorial performs a walkthrough on how to implement license compliance. From a Java build, dependency information is sent to an SW360 server. In SW360, sending source code to FOSSology triggers license scanning, resulting in SPDX documents. Then, SW360 generates license compliance documentation. The tutorial will provide an example case based on a Java software project.