Online / 6 & 7 February 2021

schedule

Software Composition devroom


10 11 12 13 14 15 16 17
Sunday Software Composition Analysis Devroom Welcome
What is SCA?
OSS Review Toolkit - project update ScanCode projects update
Open source scanning
FOSSology SCA integration SCANOSS Update
Open source scanning designed for modern development (DevOps) environments
Composition analysis of Docker images and other rootfs OSS Projects Update - Concluding Q&A
This slot is for Q&A covering the preceding presentations
Overview Software Bill of Materials (SBOM) Automating creation of Software Bills of Materials
Generating SPDX documents for CMake and Zephyr
CycloneDX Software Bill of Materials Double Open: An automated open source compliance pipeline for Yocto built on SPDX
Automating embedded Linux open source compliance with open tools
Eclipse SW360
Web application for managing software Bill-Of-Material
Software Composition and SBOM - Concluding Q&A
This slot is for Q&A covering the preceding presentations
Building the world’s first free open source database of FOSS and their vulnerabilities.
Learn why and how we are building VulnerableCode, a free and open source database of FOSS components and their vulnerabilities.
Evolving vulnerabilities in CycloneDX DeepScan - assessing your code for effective licenses
Gaining insights and profit from sharing
Automating your license compliance policy with OSS Review Toolkit Usages of Software Composition - Concluding Q&A
This slot is for Q&A covering the preceding presentations
Devroom Software Composition: Concluding Remarks

Read the Call for Papers at https://github.com/software-composition-analysis/fosdem-2021-devroom.

As we all assemble more complex software apps from an ever growing number of free and open source software components, knowing what's in our code is a must for legal, security and operational reasons. Software Composition Analysis (SCA) is the set of techniques to determine which software components we reuse, where and how, as well as their origin, licensing, vulnerabilities, quality and other important attributes. Open source SCA tools are emerging as the best way to help determine which FOSS software components are used in a software system or application.

You are an SCA FOSS tool or project contributor, maintainer, or user? If so, let's meet at FOSDEM 2021 to share our techniques, experiences and bag of tricks and demo or present our FOSS tools to colloborate towards a better SCA FOSS toolchain.

Event Speakers Start End

Sunday

  Software Composition Analysis Devroom Welcome
What is SCA?
Philippe Ombredanne 14:00 14:05
  OSS Review Toolkit - project update Thomas Steenbergen 14:05 14:20
  ScanCode projects update
Open source scanning
Philippe Ombredanne 14:20 14:35
  FOSSology SCA integration Anupam Ghosh, Gaurav Mishra, shaheemazmalmmd 14:35 14:50
  SCANOSS Update
Open source scanning designed for modern development (DevOps) environments
Remco de Vries 14:50 15:05
  Composition analysis of Docker images and other rootfs Philippe Ombredanne 15:05 15:20
  OSS Projects Update - Concluding Q&A
This slot is for Q&A covering the preceding presentations
15:20 15:30
  Overview Software Bill of Materials (SBOM) Kate Stewart 15:30 15:35
  Automating creation of Software Bills of Materials
Generating SPDX documents for CMake and Zephyr
Steve Winslow 15:35 15:50
  CycloneDX Software Bill of Materials Patrick Dwyer 15:50 16:05
  Double Open: An automated open source compliance pipeline for Yocto built on SPDX
Automating embedded Linux open source compliance with open tools
Mikko Murto 16:05 16:20
  Eclipse SW360
Web application for managing software Bill-Of-Material
Smruti Prakash Sahoo 16:20 16:35
  Software Composition and SBOM - Concluding Q&A
This slot is for Q&A covering the preceding presentations
16:35 16:45
  Building the world’s first free open source database of FOSS and their vulnerabilities.
Learn why and how we are building VulnerableCode, a free and open source database of FOSS components and their vulnerabilities.
Shivam Sandbhor 16:45 17:00
  Evolving vulnerabilities in CycloneDX Gareth Rushgrove 17:00 17:15
  DeepScan - assessing your code for effective licenses
Gaining insights and profit from sharing
Jan Thielscher 17:15 17:30
  Automating your license compliance policy with OSS Review Toolkit Thomas Steenbergen 17:30 17:45
  Usages of Software Composition - Concluding Q&A
This slot is for Q&A covering the preceding presentations
17:45 17:55
  Devroom Software Composition: Concluding Remarks Philippe Ombredanne, Michael C. Jaeger 17:55 18:00