OpenChain Reference Tooling Work Group in 2020
The OpenChain Reference Tooling Work Group meets on a bi-weekly schedule via teleconference to discuss one of the most pressing issues around open source compliance: how do we automate as much as possible? The work group has been active since summer 2019 in mapping out how reference toolchains can be described and shared, enabling companies that are new to automation, or exploring automation using open source, to begin engaging with the field. The core concept behind the work group is to foster a situation where any company wishing to use open source tooling for open source compliance can do so, and to make clear where interoperability resources can be focused in companies operating a hybrid approach of proprietary tools and open source.
2. OpenChain reference tooling work group Licensed under CC-BY-SA-4.0 Oliver Fendt
The OSS Ecosystem as a Meta Organization
The Open Source ecosystem is the most powerful innovation incubator in the world
The Open Source ecosystem is the largest software creator in the world
The Open Source ecosystem is the largest software supplier in the world
The Open Source ecosystem lacks integrated and automated Open Source compliance toolchains
An Open Source license compliance toolchain has to be Open Source itself
An Open Source project needs to be created
An “organization” needs to be set up
Reference Tooling Work Group
The OpenChain Reference Tooling Work Group
World-Wide Collaboration, World-Wide Availability
The OpenChain Reference Tooling Work Group - Mission
We are building an open source compliance toolchain ecosystem with open source tools as an open source project.
To accomplish this we:
• Use existing independent tooling projects
• Provide reference workflows to allow their adoption
• Provide the concepts and glue code to ensure easy interoperability and integration in existing environments
• Provide reference turnkey toolchains that can be used without fees by anybody
[Diagram. Components shown: CI / CD Infrastructure (Build Tools, Continuous Integration, Artifact Repository, Source Code Repo); Inbound software; Contributions; Outbound software & Compliance artifacts; Dependency resolver; Binary analyzer; Container content resolver; Source package downloader; Component & application metadata repository; License & Copyright Scanner; FOSS Compliance Bundle generator; License metadata repository; Public compliance artifact repos; Issue Tracker; Forensic Code Analysis Service; Compliance artifact consistency. Each component carries an Integration layer (API/Data). Tools named: ScanCode, License Classifier, Bang.]
Example Automation Implementation Using Open Source Tools
The OpenChain Reference Tooling Work Group will realize automated and integrated Open Source compliance toolchains, which can easily be used free of charge
In short
OSS license compliance for everyone
This is what we do
Join us
How to get involved
GitHub:
https://github.com/Open-Source-Compliance/Sharing-creates-value
Slack:
https://join.slack.com/t/ossbasedcompl-bhx9742/shared_invite/enQtODE2MTMxNzUyNDY1LWQyNWVlNzkyMjhhOWUyNDdjNDJlMzk0YzU0NDUwNzQ2YzY0Mzc1N2Y2NjhhZGEyN2JmNDE0ZTg2MTBjYmM3MWI
Mailing List:
Subscription page: https://groups.io/g/oss-based-compliance-tooling
Email address: oss-based-compliance-tooling@groups.io
18. Oliver Fendt, OpenChain Reference Tooling Work Group 2019, License: CC-BY-SA-4.0
Reference Tooling Work Group
Join Us in Creating a New Era for Open Source Compliance
Mailing List: oss-based-compliance-tooling@groups.io
Subscription page: https://groups.io/g/oss-based-compliance-tooling
Online meetings: Bi-weekly - Invitations are sent to the mailing list
Website: https://oss-compliance-tooling.org/
And of course we are on GitHub:
https://github.com/Open-Source-Compliance/Sharing-creates-value