Automating your license compliance policy with OSS Review Toolkit

148

Cite

Related Material

FOSDEM VZW

Steenbergen, Thomas

Formal Metadata

Title

Automating your license compliance policy with OSS Review Toolkit

Title of Series

FOSDEM 2021

Number of Parts

637

Author

Steenbergen, Thomas

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/52422 (DOI)

Publisher

FOSDEM VZW

Release Date

2021

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

In this session we will demonstrate how to write a license policy in OSS Review Toolkit to automatically check the licenses found in a project and its dependencies. One of the reasons OSS Review Toolkit was started by its creators was a need to go beyond the usual allow/deny license policy in most SCA tools. For instance we wanted to be able to write checks with multiple levels of compliance depending on what was being reviewed or based on package meta data. In this session we will demonstrate how one can write license policy with checks/rules that take into account package metadata date or the code, license and product context.