Category: Automation

Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal

By Automation, Featured, News

Philippe Ombredanne from nexB led a technical deep dive into VulnTotal on the 7th of February 2023. The session covered one aspect of the AboutCode Project: VulnerableCode, which provides tools to collect, aggregate and refine software vulnerability information from more than 20 sources, along with tools to quickly create new “importers”. The VulnTotal component came out of Google Summer of Code 2022:

VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)

VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.

Automation Case Study #6 – Digging Further Into The Supply Chain

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #6 digs further into how a Software Bill of Materials like SPDX ISO/IEC 5962 can optimize operations in the supply chain by ensuring manual or automated analysis works in a more efficient and effective manner.

Coming Next:

  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.


Automation Case Study #5 – SBOMs in a Virtual Supply Chain

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #5 explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source compliance.

Coming Next:

  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.


Automation Case Study #4 – How The Graphical Interface Can Help With Using TERN

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #4 explores how TERN (a container scanner) works both with the graphical tool and when used on its own.

Coming Next:

  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.


Automation Case Study #3 – How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #3 explores how ORT (the Open Source Review Toolkit) works both with the graphical tool and when used on its own.

Coming Next:

  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.


Automation Case Study #2 – A New Open Source Graphical Interface For Tooling

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #2 explores the engineering behind the new graphical tool from Facebook/TNG that makes open source tooling easier to use.

Coming Next:

  • October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.


Automation Case Study #1 – Contextualizing Tooling and Analysis

By Automation, Featured, News

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.

Coming Next:

  • October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
