Open Source Compliance Tool Chain
Meeting May 6th 2019: OpenChain
siemens.tld/keyword | Unrestricted © Siemens AG 2019 | Oliver Fendt
OSS Compliance Tool Chain – Agenda
1. General description
2. Big Picture
3. Specific Elements
4. Resources
OSS Compliance Tool Chain – why the OSS way

a. Compliance is required by law
b. We have a huge network of suppliers; their deliverables must be license compliant
c. The compliance workflow / process needs to be part of the development / CI/CD process
d. The tools need to be "orchestrable" as well as adaptable as needed
e. Budget constraints for license compliance work exist at all companies
f. Installed legacy

The only approach which copes with all of these constraints is an OSS-based compliance tool chain.
The Project "Sharing Creates Value"

a. "This repo realizes the idea that Open Source Software (OSS) compliance activities will be less expensive by applying OSS principles"
b. Sharing OSS compliance artifacts
c. "Combining the existing tools to an integrated OSS Compliance Tool Chain"

https://github.com/Open-Source-Compliance/Sharing-creates-value
Big Picture – Integrated Compliance Toolchain

CI / CD Infrastructure: Build Tools, Continuous Integration, Artifact Repository, Source Code Repo

Compliance services, each connected to the CI/CD infrastructure and to one another through an Integration layer (API/Data):
- License & Copyright Scanner
- Component Analysis Service
- Compliance artifact consistency
- Component inventory (Metadata Repository)
- Dependency resolver
- Source package downloader
- Container content resolver
- License Obligations Database
- Policy checker (Compliance Checker)
- Obligation fulfillment
- FOSS Compliance Bundle generator
- Binary analyser

Inputs and outputs: Inbound software; outbound software & compliance artifacts; Public compliance artifact repos; contributions

License: CC-BY-SA-4.0
Big Picture – Integrated Compliance Toolchain Instance

CI / CD Infrastructure: Build Tools, Continuous Integration, Artifact Repository, Source Code Repo

Compliance services present in this instance, connected through Integration layers (API/Data): Component Analysis Service, Compliance artifact consistency, Container content resolver, Binary analyser

Inputs and outputs: Inbound software; outbound software & compliance artifacts; Public compliance artifact repos; contributions

License: CC-BY-SA-4.0
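A policy checker for the toolchain sketched in the two Big Picture slides, added here as an example and not code from the Sharing-creates-value project or from Siemens: it takes component-inventory entries that carry both the declared license (dependency resolver) and the scanner result, checks compliance-artifact consistency and policy against a license obligations database, and emits the obligations the FOSS compliance bundle generator must fulfil. The obligations database, the policy, the SPDX ids used and the sample inventory are constructed for this example and are assumptions, not data from the slides.

```python
from dataclasses import dataclass
# Constructed license obligations database (SPDX id -> obligations); a real toolchain
# would query the "License Obligations Database" service for this.
OBLIGATIONS_DB = {
    "MIT": {"copyleft": False, "obligations": ["retain copyright notice", "include license text"]},
    "Apache-2.0": {"copyleft": False, "obligations": ["include license text", "include NOTICE file", "state changes"]},
    "GPL-3.0-only": {"copyleft": True, "obligations": ["include license text", "provide corresponding source"]},
}
# Constructed policy: per distribution context, whether copyleft licenses are acceptable.
POLICY = {"proprietary-binary": {"allow_copyleft": False}, "internal-only": {"allow_copyleft": True}}

@dataclass
class Component:  # one entry of the component inventory (metadata repository)
    name: str
    version: str
    declared_license: str        # from package metadata via the dependency resolver
    scanned_licenses: frozenset  # from the license & copyright scanner

def check_component(comp: Component, context: str) -> list:
    """Policy checker for one component; returns human-readable violations."""
    violations = []
    # Compliance artifact consistency: scanner results must agree with declared metadata.
    undeclared = comp.scanned_licenses - {comp.declared_license}
    if undeclared:
        violations.append(f"{comp.name}@{comp.version}: scanner found undeclared licenses {sorted(undeclared)}")
    for lic in sorted(comp.scanned_licenses | {comp.declared_license}):
        entry = OBLIGATIONS_DB.get(lic)
        if entry is None:
            violations.append(f"{comp.name}@{comp.version}: license {lic!r} not in obligations database, needs review")
        elif entry["copyleft"] and not POLICY[context]["allow_copyleft"]:
            violations.append(f"{comp.name}@{comp.version}: copyleft license {lic} not allowed for {context}")
    return violations

def check_inventory(inventory: list, context: str) -> dict:
    """Check the whole inventory and emit the compliance artifact: violations plus
    the obligations the FOSS compliance bundle generator must fulfil."""
    violations, obligations = [], {}
    for comp in inventory:
        violations.extend(check_component(comp, context))
        for lic in comp.scanned_licenses | {comp.declared_license}:
            if lic in OBLIGATIONS_DB:
                obligations.setdefault(lic, sorted(OBLIGATIONS_DB[lic]["obligations"]))
    return {"context": context, "passed": not violations, "violations": violations, "obligations": obligations}

# Constructed sample inventory, as dependency resolver plus scanner would populate it.
SAMPLE_INVENTORY = [
    Component("libfoo", "1.2.0", "MIT", frozenset({"MIT"})),
    Component("netlib", "3.0.1", "Apache-2.0", frozenset({"Apache-2.0", "GPL-3.0-only"})),
    Component("oddlib", "0.9", "Custom-EULA", frozenset({"Custom-EULA"})),
]
```

Run `check_inventory(SAMPLE_INVENTORY, "proprietary-binary")` to see the three findings a gate in the CI/CD pipeline would block on: an undeclared GPL component found by the scanner, the same component failing the copyleft policy, and a license missing from the obligations database.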
Conclusion and Plans

a. Define and describe the most relevant use cases
b. Define a suited data model for implementing the use cases
c. Define the interfaces to implement the use cases
d. Implement the use cases

Let's build an OSS compliance tool chain together; this is no differentiating business element, it is simply required by law.