How to Manage Open Source Requirements with AboutCode
Agenda
• About nexB
• Attribution Generation with AboutCode
• Q&A
About nexB
• Our business is software component management with a focus on managing license compliance risks
• Offering
  o DejaCode™ - SaaS or on-premises
  o Open Source audit services
  o Open Source scanning (ScanCode) and attribution generation tools (AboutCode)
• We are
  o Software provenance analysis experts
  o Active open source developers & Linux Foundation member
  o Co-founders of SPDX project - http://spdx.org/
AboutCode and DejaCode
nexB offers two OSS Compliance solutions:
• AboutCode for engineering/product teams
  o Basic system that can be adapted for any technology platform or language
  o Can be integrated into build systems
  o Open source license – Apache 2.0
• DejaCode for the enterprise
  o Enterprise application designed for use by legal, engineering and business staff across all products and technologies
  o Import data from any engineering-level system and from external sources (system of record for product releases)
  o Subscription for SaaS (or on-premises)
AboutCode
• nexB created the AboutCode tools to automate OSS compliance
  o Based on ABOUT specification v1.0
  o An ABOUT file documents the origin and license for each component, usually at the library or directory level
  o An ABOUT file = text file with file extension “.ABOUT”
  o Applicable to any programming language and software development environment
  o Extensible for build system integration for advanced automation
  o Currently offered as command line tools
• Written in Python and licensed under Apache 2.0
• Code and specification available at https://github.com/dejacode/about-code-tool
AboutCode Compliance Lifecycle
ABOUT File Example
A text file in tag / value format:

httpd-2.4.3.tar.gz.about

    name: Apache HTTP Server
    home_url: http://httpd.apache.org
    download_url: http://apache.belnet.be//httpd/httpd2.4.3.tar.gz
    version: 2.4.3
    date: 2012-08-21
    license: apache-2.0
    license_file: httpd-2.4.3.tar.gz/LICENSE
    copyright: Copyright 2012 The Apache Software Foundation.
    notice_file: httpd-2.4.3.tar.gz/NOTICE
AboutCode tools
• Create ABOUT files inside a codebase from a Software BOM or Inventory file (spreadsheet or other)
• Create a Software BOM or Inventory file (spreadsheet or other) from ABOUT files in the codebase
• Generate an Attribution Notices file
  o Text file organized by copyright/license notice and component
  o Default text or HTML format
• Generate a Source Code Redistribution package list
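As an added example (not the AboutCode project's own code), the following Python script parses ABOUT tag/value files like the httpd example above and groups the parsed components by license, which is how the attribution notices file described here is organised. The required-field list and the second sample file are assumptions made for this example, not part of the ABOUT specification or the deck's demo.

```python
from collections import defaultdict

# Constructed sample ABOUT files (not from the deck's demo): the first mirrors the httpd example, the second is invented.
SAMPLE_ABOUT_FILES = {
    "httpd-2.4.3.tar.gz.about": (
        "name: Apache HTTP Server\nversion: 2.4.3\nlicense: apache-2.0\n"
        "copyright: Copyright 2012 The Apache Software Foundation.\n"),
    "e2fsck.about": (
        "name: e2fsck\nversion: 1.42\nlicense: gpl-2.0\n"
        "copyright: Copyright (constructed sample value)\n"),
}
# Mandatory keys: an assumption for this example, not the ABOUT specification's own required-field list.
REQUIRED_FIELDS = ("name", "version", "license")

def parse_about(text):
    """Parse 'key: value' lines into a dict; blank lines and '#' comments are skipped."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError("line %d is not 'key: value': %r" % (lineno, raw))
        key, value = line.split(":", 1)
        fields[key.strip().lower()] = value.strip()
    return fields

def attribution_by_license(about_files):
    """Group (name, version, copyright) per license key; reject files missing mandatory keys."""
    grouped = defaultdict(list)
    for filename, text in about_files.items():
        fields = parse_about(text)
        missing = [k for k in REQUIRED_FIELDS if not fields.get(k)]
        if missing:
            raise ValueError("%s is missing: %s" % (filename, ", ".join(missing)))
        grouped[fields["license"]].append(
            (fields["name"], fields["version"], fields.get("copyright", "")))
    return dict(grouped)

def render_notice(grouped):
    """Render one plain-text section per license, components sorted by name."""
    lines = []
    for license_key in sorted(grouped):
        lines.append("== License: %s ==" % license_key)
        for name, version, copyright_ in sorted(grouped[license_key]):
            lines.append(("%s %s\n    %s" % (name, version, copyright_)).rstrip())
        lines.append("")
    return "\n".join(lines)
```

Running `render_notice(attribution_by_license(SAMPLE_ABOUT_FILES))` yields one section per license key with each component and its copyright line beneath it.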
AboutCode Demonstration
• Example based on e2fsprogs project
  o Package included in most Linux distributions
  o Set of utilities under different licenses
• Software Inventory file to create ABOUT files
• ABOUT files as created
• Generated Attribution Notice
Questions
Contacts
nexB Inc.
http://www.nexb.com/
http://www.dejacode.com/
http://www.aboutcode.org/
Pierre [email protected]
+1 415 287 7643