Discover how to make Yocto Projects OSPO-ready in this 23-minute conference talk by Alberto Pianon. Learn about a proof-of-concept that creates a dynamic representation of a Yocto project SBOM in a graph database, enabling valuable datapoints for Open Source Program Offices (OSPOs). Explore how this approach can help detect license incompatibilities, generate detailed SBOMs with file-level license metadata, and identify offending binary files in IP compliance cases. Gain insights into the process of collecting file checksums during various build stages and creating a graph database with relationships between files. Understand how this database, combined with file-level license data, allows for automated compliance checks in a Yocto environment. See a demonstration of the graph database developed by the Oniro Compliance R&D Team, including a dynamic and browseable graphic representation. Discover potential ways to implement this solution in Yocto and learn how it can significantly improve OSPO readiness for your projects.
Syllabus
OSPO-ready Yocto Projects: the data you didn't know to have, Alberto Pianon
Taught by
Yocto Project