YVR18-209: Building Accurate BOMs: Open Source Tooling Options

Date: 2018-09-16 09:00:00+00:00
Session track: Open Source Development, Tools
Speakers: Mike Holmes, Director of Foundation Technologies; Kate Stewart, Sr. Director of Strategic Projects, Linux Foundation

When creating reference builds of open source projects that others can use, being able to accurately document what was included is increasingly important, both to determine whether a security vulnerability applies and to work out which open source licenses need to be complied with. Until now this has been a largely manual process; as a result the problem gets passed down the supply chain, and we end up either with a bit of a mess or with a dependency on expensive ($$$) tooling.

In the last year we've seen a significant number of open source tools emerge that can help with this task and automate much of the manual work, so that accurate, machine-shareable files can be created. This talk will give a quick overview of the state of open source tools able to generate and consume SPDX documents, then open a brainstorming discussion on the logical points in reference builds and upstream projects where it makes sense to use them, and on what some of their limitations are. Where gaps are identified, we will look at what needs to be done to fix them.
