Complete Compliance Toolchain for Yocto Projects - Software Composition Analysis and SBOM Automation

Eclipse Foundation via YouTube

Overview

Learn about an advanced compliance toolchain for Yocto projects in this 13-minute conference talk from FOSDEM 2023. Discover how Eclipse Oniro implemented one of the largest compliance efforts for Yocto projects, incorporating tools like FOSSology, ScanCode, SPDX, BANG, and GitLab CI alongside custom-developed solutions. Explore the creation of a comprehensive Software Bill of Materials (SBOM) system that includes a dashboard, aliens4friends, a graph database for mapping dependencies and license incompatibilities, and a license resolver. Understand how to track and preserve compliance information throughout the build process, uniquely identify files in the final image, resolve binary file licenses from mixed-license source files, and manage dependencies in large-scale projects. Gain insights into achieving OpenChain conformant software composition analysis through unprecedented automation techniques for handling extensive data, licenses, files, and packages.

Syllabus

FOSDEM 2023: A complete compliance toolchain for Yocto projects (even very large ones, yes)

Taught by

Eclipse Foundation
