Open Source Summit Japan 2023

Are you facing difficulties managing your software dependencies for license and security compliance, all in an automated way? In today's fast-paced digital landscape, staying compliant with software components and dependencies is paramount, and if you found this challenging, then this presentation finds you interesting, in this presentation we talk how organizations can manage dependencies throughout their release-cycle in an automated way, analyze and manage software license and vulnerabilities systematically with minimum effort, and being compliant by consuming, enriching, and managing software bill of materials. Especially, we will utilize ORT(OSS Review Toolkit) for scanning and discuss the generation of Cyclonedx analysis files, along with their integration into SW360. Though our roadmap encompasses both license clearing and security, the primary focus of this talk will be on license clearing. We will also touch upon potential integrations, such as VulnerableCode, and the application of Vulnerability scan to enrich the SBOM. What participant gains? The participants will gain a understanding on how to achieve continuous compliance with consistent SBOM management in an automated way using a combination of oss compliance tools such as Linux Foundation’s FOSSology, ORT and Eclipse Foundation’s SW360 project.