OpenChain Reference Tooling Work Group - FOSDEM Meeting Outcomes
This is from Oliver (OSS Tooling List included for reference, I know you already saw this):
I enjoyed very much the discussions we had during the above mentioned sessions.
Here is the short summary of the results.
Please find attached the "big picture" I presented and explained.
1. Big picture:
It would be good to have information "who is using which open source tool to do OSS compliance work", so that one an overview, this might help during internal discussion about tooling which shall be introduced. We did not find an exact solution for this, but there was consensus the we shall go for enhancing the planned TODO Group survey with concrete questions about OSS based compliance tool usage. The survey is planned to be launched in June 2020.
It would help a lot if there is a detailed description of the functional building blocks (e.g. License & copyright scanner) available and also which concrete tool implements the functionality or part of. (Note: a similar requirement is also the result of the "requirements" session, see below)
2. Glue Code:
To produce glue code a concrete use case is necessary. If you have a concrete use case and the tools one is intending to use it is easy to derive the necessary glue code which is required to implement the use case. This will also provide the possibility to check whether the APIs of the tools support the implementation of the use case. In case a tool does not support the needed API it is best to file an issue on that specific tool.
There shall be a place where one can share information about different integration scenarios or proof of concepts different person are currently working on, in order to avoid duplicated efforts and to be able to connect to the persons working on it to join in
Martin is willing to share the information about their Yocto proof concept
Arun is will to share information about their work
* I will create a place (directory) in our Github repo that these information can be shared and others have a place to see who is currently working on what
There is additionally the possibility that the current existing tools have integration scenarios with other tools on their roadmap thus for these scenarios not glue code will be needed. It makes sense to check also their roadmap
There was consensus that documentation is needed which describes the trail coming from user stories (what do I want/need to do) to capabilities of the different functional building blocks of the big picture (e.g. License & copyright scanner) and to a concrete instances of tools which implement the capabilities (this will also be a good base to identify needed glue code and/or APIs to be implemented in the concrete tools)
I will create an issue about this in our Github repo
If you want to contribute to realize the results we have agreed on you are highly welcome, please comment on the issues I will create based on the results and start working on them.
Let's work together to make this happen
Mailing list subscription page: https://groups.io/g/oss-based-compliance-tooling
Our Github repo is https://github.com/Open-Source-Compliance/Sharing-creates-value
General Manager, OpenChain
p: +81 (0) 80 4035 8083
Schedule a call: