Overview
Syllabus
Intro
Agenda
Compliance issues: Supplier, Product vendor
Security issues
Issues in software development: Compliance issue: Understand all the components used; Comply with the software license
What is SBOM? SBOM: Software Bill of Materials
SBOM in Life Cycle
SBOM Implementation Example
Solution for creating SPDX
Using SPDX with Yocto: meta-spdxscanner: Generate an SPDX file by calling FOSSology or ScanCode Toolkit
Systems that solve problems
Example of system use
CodeChecker - Settings
PostgreSQL - Settings
FOSSology - Settings
cve-check & build
CodeChecker - Results
FOSSology - Results
SPDX files
Summary & Future work: Summary: SBOM is effective for solving software development problems
Taught by
Linux Foundation