
Streamlining Open-Source License Compliance With the Continuou… Amrit Kumar Verma & Aditya Narayan


Don’t miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/

Streamlining Open-Source License Compliance With the Continuous Clearing Tool – Amrit Kumar Verma & Aditya Narayan, Siemens

We present the Continuous Clearing (CA) Tool, an open-source solution designed to automate and accelerate the license clearing of OSS components. This tool streamlines the identification and license compliance of third-party OSS components within various projects, including those using NPM, NuGet, Maven, Python, Alpine and Debian. It ensures that organizations maintain an SBOM for all builds within the DevOps pipeline. It is designed with three different modules:

1. Package Identifier: This module accepts a package file or BOM as input and produces an SBOM file as output. It classifies each dependency type and incorporates it into the output SBOM.

2. SW360 Package Creator: Using the SBOM from the Package Identifier, this module identifies and creates any missing components or releases in SW360. It then associates the components with the relevant project in SW360, triggers the upload to FOSSology, and automatically updates the clearing state in SW360. It also offers an option to exclude dev dependencies if they are not relevant for compliance.

3. Artifactory Uploader: This final module takes the updated BOM and uploads components tagged with the "Report approved" clearing state to JFrog Artifactory.

Date: September 5, 2025