
Software Composition Analysis at Scale with Eclipse Apoapsis

Eclipse Foundation via YouTube

Overview

Learn about Software Composition Analysis at scale through this 26-minute conference talk from the Eclipse Foundation that introduces Eclipse Apoapsis, a new project providing server-based solutions for continuous software analysis across diverse repositories. Explore how to generate and manage Software Bills of Materials (SBOMs) and reports using the ORT-Server reference implementation in conjunction with the OSS Review Toolkit. Discover how the Abstraction Layer for Software Composition Analysis (ALSCA) addresses the challenges of maintaining transparency in software lifecycle management while accommodating diverse and agile development environments. Understand the project's approach to fulfilling critical non-functional requirements including SBOM creation, vulnerability tracking, and license compliance. Examine how Eclipse Apoapsis bridges tooling requirements with operational needs in medium to large organizations, following specifications from the OpenChain Tooling Group's capability map for Open Source Management. Gain insights into implementing central Software Composition Analysis pipelines that support various project configurations, from mobile apps using CocoaPods to cloud services using Java/Maven, while offering flexible analysis options ranging from basic SBOM creation to comprehensive dependency analysis with vulnerability and license reporting.

Syllabus

Eclipse Apoapsis - Open Source based Software Composition Analysis at scale - OCX 2024

Taught by

Eclipse Foundation
