How to Manage Open Source
Requirements with AboutCode
Agenda
• About nexB
• Attribution Generation with AboutCode
• Q&A
About nexB
• Our business is software component management with a focus on managing license compliance risks
• Offering
  o DejaCode - SaaS or on-premises
  o Open Source audit services
  o Open Source scanning (ScanCode) and attribution generation tools (AboutCode)
• We are
  o Software provenance analysis experts
  o Active open source developers & Linux Foundation member
  o Co-founders of SPDX project - http://spdx.org/
AboutCode and DejaCode
nexB offers two OSS Compliance solutions:
• AboutCode for engineering/product teams
  o Basic system that can be adapted for any technology platform or language
  o Can be integrated into build systems
  o Open source license: Apache 2.0
• DejaCode for the enterprise
  o Enterprise application designed for use by legal, engineering and business staff across all products and technologies
  o Import data from any engineering-level system and from external sources (system of record for product releases)
  o Subscription for SaaS (or on-premises)
AboutCode
• nexB created the AboutCode tools to automate OSS compliance
  o Based on ABOUT specification v1.0
  o An ABOUT file documents the origin and license for each component, usually at the library or directory level
  o An ABOUT file = text file with file extension .ABOUT
  o Applicable to any programming language and software development environment
  o Extensible for build system integration for advanced automation
  o Currently offered as command line tools
• Written in Python and licensed under Apache 2.0
• Code and specification available at https://github.com/dejacode/about-code-tool
AboutCode Compliance Lifecycle
ABOUT File Example
A text file in tag / value format:
httpd-2.4.3.tar.gz.about
name: Apache HTTP Server
home_url: http://httpd.apache.org
download_url: http://apache.belnet.be//httpd/httpd2.4.3.tar.gz
version: 2.4.3
date: 2012-08-21
license: apache-2.0
license_file: httpd-2.4.3.tar.gz/LICENSE
copyright: Copyright 2012 The Apache Software Foundation.
notice_file: httpd-2.4.3.tar.gz/NOTICE
AboutCode tools
• Create ABOUT files inside a codebase from a Software BOM or Inventory file (spreadsheet or other)
• Create a Software BOM or Inventory file (spreadsheet or other) from ABOUT files in the codebase
• Generate an Attribution Notices file
  o Text file organized by copyright/license notice and component
  o Default text or HTML format
• Generate a Source Code Redistribution package list
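The ABOUT file example and the tool functions listed above, as an added sketch that is not the about-code-tool's own code: it parses the slide's tag/value sample, builds an inventory (BOM) row per component, and groups an attribution notice by license. Assumptions: one "tag: value" pair per line, the function names and output layout are hypothetical, and the second component is constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# ABOUT content copied from the slide's httpd example.
HTTPD_ABOUT = """\
name: Apache HTTP Server
home_url: http://httpd.apache.org
download_url: http://apache.belnet.be//httpd/httpd2.4.3.tar.gz
version: 2.4.3
date: 2012-08-21
license: apache-2.0
license_file: httpd-2.4.3.tar.gz/LICENSE
copyright: Copyright 2012 The Apache Software Foundation.
notice_file: httpd-2.4.3.tar.gz/NOTICE
"""
# Constructed second component (not from the slides), missing its license_file.
CONSTRUCTED_ABOUT = "name: examplelib\nversion: 1.0\nlicense: mit\ncopyright: Copyright 2013 Example Authors.\n"

def parse_about(text):
    """Parse 'tag: value' lines, splitting on the first colon only (URLs contain colons)."""
    fields = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        tag, sep, value = line.partition(":")
        if not sep or not tag.strip():
            raise ValueError(f"line {lineno}: not a tag/value pair: {line!r}")
        fields[tag.strip().lower()] = value.strip()
    return fields

def inventory_csv(components, columns=("name", "version", "license", "license_file")):
    """Software inventory (BOM): one CSV row per component, blank where a tag is absent."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    writer.writerows(components)
    return out.getvalue()

def attribution_notice(components):
    """Attribution text grouped by license, then component (layout is an assumption)."""
    by_license = defaultdict(list)
    for c in components:
        by_license[c.get("license", "unknown")].append(c)
    lines = []
    for lic in sorted(by_license):
        lines.append(f"== {lic} ==")
        for c in sorted(by_license[lic], key=lambda c: c.get("name", "")):
            lines.append(f"{c.get('name', '')} {c.get('version', '')}: {c.get('copyright', '')}")
    return "\n".join(lines)
```

A blank license_file cell in the inventory, as for the constructed component, marks an entry whose license text still has to be located before the attribution notice is complete.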
AboutCode Demonstration
• Example based on e2fsprogs project
  o Package included in most Linux distributions
  o Set of utilities under different licenses
• Software Inventory file to create ABOUT files
• ABOUT files as created
• Generated Attribution Notice
Questions
Contacts
nexB Inc.
http://www.nexb.com/
http://www.dejacode.com/
http://www.aboutcode.org/
Pierre Lapointe
plapointe@nexB.com
+1 415 287 7643
