February 21, 2020

218 words 2 mins read

Workshop: Hands On FOSSology, SW360 and SPDX

Workshop: Hands On FOSSology, SW360 and SPDX

FOSSology and SW360 are both software projects in the area of OSS license compliance. FOSSology can run license, copyright and export control scans and has a Web user interface providing a compliance …
Talk Title Workshop: Hands On FOSSology, SW360 and SPDX
Speakers Michael C. Jaeger (Project Lead, Siemens AG)
Conference Open Source Summit + ELC North America
Conf Tag
Location San Diego, CA, USA
Date Aug 19-23, 2019
URL Talk Page
Slides Talk Slides
Video

FOSSology and SW360 are both software projects in the area of OSS license compliance. FOSSology can run license, copyright and export control scans and has a Web user interface providing a compliance workflow. SW360 allows organizations for maintaining a component inventory – the software bill-of-material (S-BOM). SW360 generates license compliance documentation for all involved (OSS) components of a product. It enables other use cases in the area of vulnerability management or export control. SPDX is a specification for exchanging license compliance (and more) information about software deliveries.This tutorial performs a walkthrough on how to implement license compliance. From a java build, dependency information is sent to an SW360 server. In SW360, sending source code to FOSSology triggers license scanning resulting in SPDX documents. Then, SW360 generates license compliance documentation. The tutorial will provide an example case based on a Java software project.

java code management tutorial vulnerability workshop use case
comments powered by Disqus
IoT Action at the Edge EdgeX Foundry 1.0 Released!

IoT Action at the Edge EdgeX Foundry 1.0 Released!

February 13, 2020

EdgeX Foundry introduced here last year recently announced its 1.0 release! The yearbegan with moving the code base from Java to Go to realize a smaller code foot print, lower memory needs, and speedi …
Maintainable Bash Scripting

Maintainable Bash Scripting

February 12, 2020

You find them everywhere in software projects, bash scripts are the duct tape and chewing gum that hold together all the disparate software services. They are frequently used to wrap java programs, in …
Where is my Code Vulnerable: Matching CVEs and Source Code

Where is my Code Vulnerable: Matching CVEs and Source Code

February 7, 2020

Surprisingly, often it's hard to find the precise correspondence between a known software vulnerability (in CVE) and the exact origin of the software (Maven coordinates or github repo/tag). Ideally, t …
Continuous delivery in an ephemeral world

Continuous delivery in an ephemeral world

January 17, 2020

With systems like Travis CI, Circle CI, and CodeBuild, we're never more than a few lines of YAML away from a complete continuous delivery pipeline. However, ephemeral build systems constantly recreate the world from scratch, increasing build time and lengthening the CD feedback loop. John Chapin addresses those challenges and shares a reference pipeline using AWS CodePipeline and CodeBuild.
Migrating Apache Oozie workflows to Apache Airflow

Migrating Apache Oozie workflows to Apache Airflow

January 8, 2020

Apache Oozie and Apache Airflow (incubating) are both widely used workflow orchestration systems, the former focusing on Apache Hadoop jobs. Feng Lu, James Malone, Apurva Desai, and Cameron Moberg explore an open source Oozie-to-Airflow migration tool developed at Google as a part of creating an effective cross-cloud and cross-system solution.
Analytics Zoo: Distributed TensorFlow in production on Apache Spark

Analytics Zoo: Distributed TensorFlow in production on Apache Spark

December 27, 2019

Yuhao Yang and Jennie Wang demonstrate how to run distributed TensorFlow on Apache Spark with the open source software package Analytics Zoo. Compared to other solutions, Analytics Zoo is built for production environments and encourages more industry users to run deep learning applications with the big data ecosystems.