Open Source License Compliance Tools

June 16, 2021

Date and time: Tuesday, July 13, 2021; 08:00am PST

Abstract: Open source has deeply changed how projects and products are created: they are now assembled mostly from many diverse, fast-evolving third-party open source packages and components, instantly downloadable from millions of repositories on the web. We therefore need workflows and supporting tools that keep up with this volume, diversity and speed:

- to ensure open source origin traceability,
- to achieve open source license compliance, and
- to proactively manage security, quality, sustainability and currency of these many components.

In this talk, we will present practical examples of open source workflows and show how to integrate them in a continuous integration / delivery pipeline, with a focus on origin tracing and license compliance. A key component of our examples is the use of free and open source tools themselves (such as ScanCode and other tools) to ensure we know what open source is included in the deliverable and to assemble the necessary legal and credit notices.

ScanCode is an open source project, and the presenter is its leading developer.
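As an added illustration of the pipeline gate the abstract describes (this is example code, not code from the talk or from the ScanCode project): a script that reads a ScanCode-style JSON scan, fails the build on license keys the product policy denies, holds files with no detected license for review, and assembles the credit notices. The scan document, the "files" layout and the deny list are constructed assumptions for the example.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a ScanCode toolkit JSON scan (assumed layout: a
# top-level "files" list with "path", "type", "license_expressions", "copyrights").
SAMPLE_SCAN = json.dumps({"files": [
    {"path": "vendor/libfoo/LICENSE", "type": "file",
     "license_expressions": ["mit"],
     "copyrights": [{"copyright": "Copyright (c) 2019 Foo Authors"}]},
    {"path": "vendor/libbar/bar.c", "type": "file",
     "license_expressions": ["gpl-2.0-plus AND lgpl-2.1"],
     "copyrights": [{"copyright": "Copyright (c) 2020 Bar Project"}]},
    {"path": "src/app.py", "type": "file",
     "license_expressions": ["apache-2.0"], "copyrights": []},
    {"path": "vendor/libbaz/baz.js", "type": "file",
     "license_expressions": [], "copyrights": []},
]})

# Product policy (constructed): strong copyleft is not allowed in this deliverable.
DENY = {"gpl-2.0", "gpl-2.0-plus", "gpl-3.0", "agpl-3.0"}

def license_keys(expression):
    """Split an expression such as 'gpl-2.0-plus AND lgpl-2.1' into license keys."""
    tokens = expression.replace("(", " ").replace(")", " ").split()
    return {t for t in tokens if t.upper() not in ("AND", "OR", "WITH")}

def evaluate_scan(scan_json, deny=DENY):
    """CI policy gate: return (violations, unlicensed_paths, notices_by_license)."""
    violations, unlicensed, notices = [], [], defaultdict(set)
    for f in json.loads(scan_json)["files"]:
        if f.get("type") != "file":
            continue  # directory entries carry no license of their own
        exprs = f.get("license_expressions") or []
        if not exprs:
            unlicensed.append(f["path"])  # unknown origin: hold for manual review
        for key in {k for e in exprs for k in license_keys(e)}:
            if key in deny:
                violations.append((f["path"], key))
            for c in f.get("copyrights", []):
                notices[key].add(c["copyright"])
    return violations, unlicensed, dict(notices)

def render_notices(notices):
    """Assemble the legal/credit notice text from the collected copyrights."""
    out = []
    for key in sorted(notices):
        out += [f"== {key} ==", *sorted(notices[key])]
    return "\n".join(out)
```

In a pipeline, exit non-zero when `evaluate_scan` returns any violation or unlicensed path, and publish the rendered notices as a build artifact.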

Bio: Philippe Ombredanne is the chief technology officer at nexB, Inc., Los Altos, California; the maintainer of the ScanCode toolkit project; and a lead maintainer for free and open source (FOSS) projects with a mission to enable easier and safer reuse of FOSS code through best-in-class open source Software Composition Analysis tools for open source origin discovery and license & security compliance. Philippe contributes to several other open source projects, including the Linux kernel SPDX-ification; the SPDX and ACT projects at the Linux Foundation; the ClearlyDefined project; strace; several Python tools; and previously JBoss, Eclipse and Mozilla. Philippe has also been a long-time Google Summer of Code mentor and org admin.