Automating OpenChain with an open source CI pipeline

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/52780 (DOI)

Publisher

FOSDEM VZW

Release Date

2021

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

In this talk, James Curtis, lead developer at OpusVL, will explain the complex compliance challenge faced when working on a variety of projects for different customers, each having overlapping and separate areas of Open Source code. He will explain the approach taken to automating the process by connecting up the software release pipeline through Continuous Integration (CI) tooling to deliver OpenChain compliance reporting. This will cover the path from developer and version control through testing and finally to the hosted container image. The tools and processes will be shared as well as the current state - this is a new subject area so it is constantly being developed, and all based on freely available Open Source components. The development of this process was funded by Innovate UK through the (DITO project)