Online / 6 & 7 February 2021


Capabilities for Open Source Compliance

Understanding the OpenChain Capability Model

OpenChain is a comprehensive set of requirements for coping with the open source compliance challenge. It has recently even been accepted as an ISO standard. However, compliance in today's world is not possible without tool support. To get a grip on the different tools and understand what they can do and where their limitations are, the OC tooling workgroup decided to develop a capability model. This model outlines all the capabilities required to cope with the open source challenge and allows the functionality of tools to be mapped onto it. The model can thus be seen as a map through the jungle of tools. In this talk, Jan will introduce the model and briefly outline the most relevant capabilities. Links to further resources as well as first maps will be provided.

Open Source Compliance (OSC) is no longer optional. It is part of good manufacturing practice. As manufacturing and software grow closer, so does the insight that not only do Software Bills of Materials (SBOMs) become essential for the maintainability and security of software, but the legal documentation can no longer be treated as paperwork that is printed once and never read. The acceptance of CI/CD as a development best practice and the ever-growing number of components used from open source stacks, along with their inherent dependencies, rule out further manual delivery of compliance artefacts. But what is required to cope with that challenge? Where should you put your efforts? Which tools are the right ones to check for your purpose? The capability model has been designed to help you answer these questions.
This talk introduces the motivation and the basic aspects of the model without going into detail. Guiding thoughts and ideas will be conveyed, and links for further study will be provided. Finally, the talk will conclude with a few mapping samples and an outlook on the directions in which the work will proceed.


Jan Thielscher