Download to read offline
Uploaded byShane Coughlan
FOSSLight Open Source Project
FOSSLight is an open source project that provides an all-in-one tool and system for open source compliance and vulnerability management. It includes scanners to detect open source components in source code, dependencies, and binaries. It also provides features for bill of materials management, open source notices, and OpenChain conformance. The FOSSLight project is available on GitHub and aims to help software teams streamline their open source governance process.
More Related Content
FOSSLight Open Source Project
- 1. FOSSLight Open Source Project 2021.7. 6. Kyoungae Kim OpenChain Webinar
- 2. 1 / 29 Contents 1.What is FOSSLight? 2. Why FOSSLight System? 3. FOSSLight Open Source Project
- 3.
- 4. 3 / 29 LGEOSC Process WE NEED A TOOL & SYSTEM
- 5. 4 / 29 OSPO SWdevelopment team LGE OSC Process & FOSSLight Step1. Identification Step 4. Distribution Step 2. Approval Step 3. Notice & Verification Analyze open source Request for analysis review Create OSS Package OSS Package Distribute OSS distribution site Notice OSS Notice & OSS Package Notice OSS Notice Review OSS Package Review analysis result BOM OSS BOM & Obligation OSS report FOSSLight report FOSSLight Scanner FOSSLight FOSSLight Open Source Project Software
- 6. 5 / 29 FOSSLightScanner Dependency Binary Source Code Source Scanner Dependency Scanner Binary Scanner Android Yocto Platform specific npm pip maven gradle pods ∙∙∙ ScanCode
- 7. 6 / 29 OSS License Vulnera bility 3rd Party Project Self checkRest API CI/CD FOSSLight System All-in-one Open Source Compliance & Vulnerability Project OSC Process License / OSS Vulnerability 3rd Party Project 3rd Party OSS Management Self-Check Check OSS, License, Vulnerability without OSPO Review
- 8. 7 / 29 FOSSLightSource Scanner Detect Copyright & License text String Search Use ScanCode Cannot find OSS Name https://github.com/fosslight/fosslight_source_scanner
- 9. 8 / 29 FOSSLightDependency Scanner Print OSS information based on dependencies. Available Package Manager Gradle (Java/Android) Maven (Java) NPM (Node.js) Pypi (Python) Pub (Dart with flutter) Cocoapods (Swift/Obj-C) Direct Dependency & Transitive Dependency https://github.com/fosslight/fosslight_dependency_scanner
- 10. 9 / 29 FOSSLightRelease soon.. FOSSLight Binary Scanner Doesn’t scan binary itself. Just calculate checksum(same) and TLSH(similar) Compare with Binary DB Information and extract OSS Information FOSSLight REUSE Reuse (https://github.com/fsfe/reuse-tool) Check Copyright/License writing rules in Source Code
- 11.
- 12. 11 / 29 ProjectDashboard
- 13. 12 / 29 BOMManagement (1/2) https://linuxfoundation.org/blog/what-is-an-sbom/
- 14. 13 / 29 BOMManagement (2/2)
- 15. 14 / 29 BOMCompare
- 16. 15 / 29 SameOSS (Nickname)
- 17. 16 / 29 SameOSS (Nickname)
- 18. 17 / 29 SameLicense (Nickname)
- 19. 18 / 29 SupportVarious OSS Notice Format
- 20.
- 21. 20 / 29 OpenChainConformance
- 22. FOSSLight Open SourceProject
- 23. 22 / 29 FOSSLightOpen Source Project FOSS (Free and Open Source Software) + Light
- 24. 23 / 29 FOSSLight https://FOSSLight.org https://demo.FOSSLight.org https://FOSSLight.org/fosslight-guide
- 25. 24 / 29 FOSSLightPress Release
- 26. 25 / 29 GithubStar
- 27. 26 / 29 FOSSLightRoadmap FOSSLight Source Scanner FOSSLight System FOSSLight Binary Scanner FOSSLight Reuse FOSSLight Dependency Scanner 2021 1Q 2021 2Q 2021 3Q
- 28. 27 / 29 FOSSLightContribution Items Identification Input : SPDX, other scanner result Distribution Implementation Integration with Open Database (ex. Software Heritage) Test Automation
- 29. 28 / 29 Yourattention, please. Thank YOU !!
- 30. 29 / 29 Appendix.FOSSLight Sticker Image Candidates