Category

Featured

OpenChain Webinar #9 – OpenChain Self-Certification Questionnaire – Full Recording

By Featured, News

This week we did something a little bit special with the webinar format. It was a live walk-through of the Conformance Questionnaire with example solutions to each question required for OpenChain conformance. This is the first run-through of what will become a formal OpenChain video guide later in the month. As such, it was interactive, and suggestions for improvement were taken on board.

Of course, this run-through will be immediately useful to any organization considering or undergoing OpenChain conformance right now.

This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.

Learn More About The Webinar Series

OpenChain Reference Tooling Work Group Meeting – July 27th – Morning and Afternoon – Full Recording

By Featured, News

The OpenChain Reference Tooling Work Group meets bi-weekly to discuss open source tools for open source compliance. There are frequent demos and discussions around practical use. This is a good place to engage if you are considering open source tooling for your compliance activities.

This video is intended to give you an example of what our community gets up to in this area.

Learn More On The Dedicated Website

Take Part in the Activity via GitHub

OpenChain Fourth Monday Spec Call – July 2020 – Full Recording

By Featured, News

We are discussing ideas and observations regarding OpenChain 2.0. This maps perfectly to our forthcoming ISO/IEC International Standard, currently under ballot as DIS5230; voting finishes September 23rd.

Some of the comments raised will be addressed through reference material. Some of the comments will feed into discussions for further drafts of the standard.

You can be part of this by joining our bi-weekly calls. We speak at 9am Pacific on the Second Monday and 5pm Pacific on the Fourth Monday of each month. These discussions are chaired by Mark Gisi, the leader of the Specification Work Team.

Check Out Our Specification Review Work On GitHub

Wipro Limited is the latest OpenChain Partner

By Featured, News

SAN FRANCISCO, August 4, 2020 – The OpenChain Project today announced Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting and business process services company, as the latest participant in the growing partner program. Wipro will provide an important bridge between companies seeking to adopt the OpenChain industry standard for compliance and the implementation of quality open source compliance programs.

“Wipro is delighted to join the growing OpenChain partner ecosystem and support the additional uptake of the industry standard for open source compliance,” says Andrew Aitken, Global Open Source Practice Leader, Wipro Limited. “We are keen to support members on their open source strategy and compliance journey through our unique advisory services. We look forward to supporting OpenChain as it graduates from ISO as a fully-fledged formal International Standard.”

“Wipro occupies a significant place in the global services industry,” says Shane Coughlan, OpenChain General Manager. “Our new partnership offers great potential to ensure that the forthcoming formalization of OpenChain as an International Standard can be messaged and understood as widely as possible. We are looking forward to collaborating closely with Andrew, Gilles and the rest of the team specialized in open source.”

About Wipro Limited

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading global information technology, consulting and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability and good corporate citizenship, we have over 180,000 dedicated employees serving clients across six continents. Together, we discover ideas and connect the dots to build a better and a bold new future.

OpenChain Webinar #9 – Today (Monday) at 9am Pacific – The OpenChain Conformance Questionnaire

By Featured, News

This week we will be doing something a little bit special with the webinar format. It will be a live walk-through of the Conformance Questionnaire with example solutions to each question required for OpenChain conformance. This is the first run-through of what will become a formal OpenChain video guide later in the month. As such, it will be interactive, and your suggestions for improvement will be taken on board. Meanwhile, this run-through will be immediately useful to any organization considering or undergoing OpenChain conformance right now. Join us at 9am Pacific.

This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here: 
https://www.openchainproject.org/webinars-interviews

Join Our Zoom Meeting

https://zoom.us/j/9990120120

Password

* 123456

One Tap Telephone (no screensharing)

* +358 9 4245 1488,,9990120120# Finland
* +33 7 5678 4048,,9990120120# France
* +49 69 7104 9922,,9990120120# Germany
* +852 5808 6088,,9990120120# Hong Kong
* +39 069 480 6488,,9990120120# Italy
* +353 6 163 9031,,9990120120# Ireland
* +81 524 564 439,,9990120120# Japan
* +82 2 6105 4111,,9990120120# Korea
* +34 917 873 431,,9990120120# Spain
* +46 850 539 728,,9990120120# Sweden
* +41 43 210 71 08,,9990120120# Switzerland
* +44 330 088 5830,,9990120120# UK
* +16699006833,,9990120120# US (San Jose)
* +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

Check Out All Our Other Webinars

OpenChain Sponsors COSCUP Again – Local Team Doing Awesome Talk As Well

By Featured, News

The OpenChain Project is once again sponsoring the COSCUP conference in Taiwan, an event that provides a unique opportunity to connect with individuals at the heart of one of the most innovative locations for information technology. Even more importantly, our OpenChain Taiwan Work Group founders, SZ Lin and Lucien Lin, will be delivering a talk on the first day of the event, August 1st!

Check Out Our Talk

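2020 / 08 / 01
16:10 ~ 16:40
RB105 Main Track

OpenChain, the Industry Standard for Open Source Compliance – An Effective Approach to Managing Legal Compliance When Using Open Source Software
by 林上智 (SZ LIN) and Lucien C.H. Lin 林誠夏 (in Mandarin Chinese)

OpenChain is a recommended compliance and legal-conformance process for the use of open source software in enterprise supply chains. It gives both upstream and downstream software suppliers something to follow when delivering, and it fits in with the way open source development communities interact!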


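Open source software has become the mainstream trend in information and communications technology in recent years. From 5G (ORAN), blockchain, AI and cloud to Embedded Linux, it is already heavily used from the application layer down to the driver layer. From consumer products to industrial applications, industry very frequently uses open source software for integration or derivative development.

However, open source software is not ownerless property in terms of copyright. On the compliance and legal side, the first step in using open source software is to follow and fulfil the obligations of its license terms; for example, using a program licensed under the GPL means providing the source code to the recipients of the program according to the distribution scenario, marking modifications, and so on. How to draw on open source software from many sources while properly satisfying the requirements of each open source license is a pressing task that commercial users may find troublesome but have no choice but to address constructively. To let companies across the industry chain manage and use open source software compliantly and effectively, the Linux Foundation established the OpenChain Project, in which companies from multiple fields share their management processes and together define open source compliance processes and specifications.

This OpenChain management process is about to become an ISO/IEC International Standard this year. The main aim of this session is to serve as a lead-in to the OpenChain TW Group's public event in September: it introduces the latest OpenChain specification and the state of the industry, and uses practical examples to explain how adopting OpenChain lets industry also attend to community relationships and interaction. In addition to allowing organizations to manage open source software systematically and efficiently, it can at the same time reduce business risk and cut unnecessary spending of R&D resources.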

Learn More About Our Talk And Speakers!

Learn More About COSCUP (English)

Learn More About COSCUP (Traditional Chinese)

Bitsea is the Latest OpenChain Partner

By Featured, News

Bitsea, a company helping customers to analyse, assess, and optimize Software Development processes, has joined the OpenChain Partner program. This marks another significant expansion of the OpenChain ecosystem into the German software industry, and provides another milestone in our preparation to support our growth as a formal International Standard in Q4.

“Bitsea is delighted to join the OpenChain Partner program,” says Dr. Andreas Kotulla. “We have a long history of supporting excellence in open source and we look forward to helping our customers and adjacent companies understand and apply the OpenChain standard for quality open source compliance programs.”

“A key pillar of the OpenChain community is support,” says Shane Coughlan, OpenChain General Manager. “A great deal of this support is provided by our local and global work groups, consisting largely of user companies. However, there is a substantial proportion of this support provided by partners, and they provide a vital role in ensuring the sustainability of our industry standard. Bitsea will help bolster our support network and their deep experience will benefit everyone seeking to build out a quality open source compliance program.”

OpenChain Webinar #8: Compliance @ GitLab – Full Recording

By Featured, News

We took a look at how GitLab addresses compliance for this webinar on the 20th of July. Mo Khan, Senior Backend Engineer, explained the approach offered to users and why it is effective. One of the most interesting things we explored is how it all works with CI/CD, a hot topic in the OpenChain community and beyond.

Check out all our previous webinars

FOSSology's New OSS License Scanner "Atarashi": An Investigation

By Featured, News

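Introduction

I am @K-Hama, in charge of Day 18 of the OpenChain Japan WG Advent Calendar 2019. My main work is research on OSS management processes and research and development of tools used for OSS management, but recently I have also been taking part in OSS-related community activities. Today I will briefly summarize what I learned from looking into "Atarashi" [2], the new search engine that the Fossology project [1] is working on, and go as far as introducing how to install it.

What is Fossology

First, a brief introduction to what Fossology is. Fossology is a tool that analyzes the source code making up a piece of software and detects and lists information contained in it, such as OSS licenses, copyrights and ECC. Fossology is developed mainly as a project under The Linux Foundation, and Fossology itself is licensed under an OSS license, so anyone can use it freely and at no cost. For basic usage and information, Japanese hands-on materials are published by OpenChain Japan [3] (Japanese) and on Fossology's GitHub [4] (Japanese, English, Vietnamese), so please refer to those (the Japanese content is the same in both). Also, a Fossology event that anyone can attend free of charge will be held in Tokyo on December 20, 2019, hosted by the OpenChain Japan WG Tooling Sub-WG [5]. (Michael C. Jaeger, Fossology's lead developer, will also be at this event.) The following other documents on Fossology are also useful.

How to install Fossology
How to install Fossology (Japanese)
FOSSology – Recommending Install from Source
Posted by @y-ashiduka for OpenChain Japan WG Advent Calendar 2019 Day 10:
 Applying meta-spdxscanner to a Yocto environment and building an SPDX output environment (using fossdriver)

On Investigating Atarashi

Fossology has license search agents such as Nomos and Monk. In addition to these, Atarashi [2] is said to be an attempt to detect licenses through text mining. Atarashi appears to be developed as one of Fossology's search engines, but at present a Pull Request [6] has been made to the main Fossology repository without being merged, so it seems that installing Fossology does not let you use Atarashi right away [as of December 2019]. So in this article I investigate what Atarashi is being developed to achieve and summarize here what I learned. For the detailed search algorithms implemented in Atarashi, I will only go as far as mentioning their names this time. The source code is published on GitHub [7], so anyone can check it. Atarashi also appears to have been carried forward as one of the Google Summer of Code projects. The following other material on Atarashi has also been published.

・ FOSSology: Two New Approaches For License Scanning from Shane Coughlan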

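The Purpose of Atarashi

According to fossology-two-new-approaches-for-license-scanning, Atarashi is a non-rule based scanner built on text statistics and information retrieval.

After the files are unpacked, it appears to proceed through the following process:
1. Find SPDX identifiers
2. Find SPDX headers
3. Apply what was found
4. Create a ranking based on similarity
5. Display the output

Details on SPDX identifiers / SPDX headers are given on the SPDX page [8], so please do refer to it.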
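
The process listed above combines a lookup of declared SPDX identifiers with a similarity ranking. The sketch below is an added example, not Atarashi's or Fossology's code: it assumes a plain bag-of-words cosine measure and constructed, shortened reference texts, and all function names are hypothetical.

```python
import math
import re
from collections import Counter

# Constructed, heavily shortened reference texts (assumption: a real scanner
# would load the full license texts, keyed by SPDX identifier).
REFERENCE_TEXTS = {
    "MIT": "permission is hereby granted free of charge to any person "
           "obtaining a copy of this software and associated documentation files",
    "Apache-2.0": "licensed under the apache license version 2.0 you may not "
                  "use this file except in compliance with the license",
    "GPL-2.0-or-later": "this program is free software you can redistribute it "
                        "and or modify it under the terms of the gnu general public "
                        "license either version 2 of the license or any later version",
}
# Captures the expression after the tag, stopping at end of line or a closing "*/".
SPDX_TAG = re.compile(r"SPDX-License-Identifier:\s*([^\r\n*]+)")

def find_spdx_identifiers(text):
    """Return the license expressions declared in SPDX-License-Identifier tags."""
    return [m.strip() for m in SPDX_TAG.findall(text)]

def _vector(text):
    # Lower-cased word counts; punctuation is dropped.
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def cosine(a, b):
    dot = sum(a[w] * b[w] for w in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0

def rank_licenses(text):
    """Rank the reference licenses by similarity to the file text, best first."""
    vec = _vector(text)
    scores = [(spdx_id, cosine(vec, _vector(ref))) for spdx_id, ref in REFERENCE_TEXTS.items()]
    return sorted(scores, key=lambda s: s[1], reverse=True)

def scan(text):
    """Use a declared SPDX tag if present; otherwise fall back to the ranking."""
    declared = find_spdx_identifiers(text)
    if declared:
        return {"method": "spdx-tag", "licenses": declared}
    return {"method": "similarity", "licenses": rank_licenses(text)}
```

A file carrying a tag is resolved without any text comparison; an untagged file with a license header gets a ranked list whose top score indicates how confident the match is.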

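The SPDX-related work of OpenChain Japan is introduced by @Yoshiyuki_Ito in "Introducing the activities of the 'Inter-organizational license information exchange' subgroup, which deals with mechanisms for exchanging license information in product development supply chains."

Also, the "1. Find SPDX identifiers" part is already implemented in Fossology as the ojo agent and is available for use. Using it is easy: just select [ojo] when specifying the scan options.

[Screenshot: ojo.png]

The result looks something like the following.

[Screenshot: ojo_result.png]

Structure of Atarashi

According to the official documentation, Atarashi itself contains several search agents, and you specify which one to use. Each is named after the word-search technique it uses.

Prerequisites

Install the following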

  • Python >= v3.5
  • pip3

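Installation

This time I will go as far as the installation procedure. (The following is at commit id 387e144.)

To begin, the packages can be installed using requirements.txt, but numpy alone needs to be installed separately.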

$ git clone  https://github.com/fossology/atarashi.git
$ cd atarashi
$ pip3 install numpy
$ pip3 install -r requirements.txt
$ pip3 install .

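That completes the installation.

Run the help command as shown below:

$ atarashi -h

If output like the following appears, the installation was successful.

[Screenshot: fossology-atarashi-1.png]

I hope to cover how to use it after installation, and the results of using it, in a future article.

In Closing

There has been a lot of news about OSS license search engines, FOSSology's included, and it seems fair to say this is a very hot area right now (e.g. Digging for license information with FOSSology). Going forward, in the OpenChain Japan WG Tooling Sub-WG we would like to work together across company boundaries on investigating how to use Fossology and Atarashi and on implementing features. If you are interested, I recommend signing up to the mailing list. https://lists.openchainproject.org/g/japan-sg-tooling

For the activities of the OpenChain Japan WG Tooling Sub-WG, please see @ystk-k's article.
https://qiita.com/ystk-k/items/1ec2b416cc05b98597a9

Addendum (2020/01/06)

It appears that a Fossology/Atarashi report has been published, so I am sharing it here.
https://github.com/fossology/atarashi/files/4016573/Atarashi-Report.pdf

Published at: https://github.com/fossology/atarashi/pull/60

Tomorrow

@yuichi-kusakabe will write an article related to OpenChain and AGL. If you are interested in Automotive Grade Linux, be sure to give it a read.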


  1. https://www.fossology.org/ 
  2. https://fossology.github.io/atarashi/ 
  3. https://github.com/OpenChain-Project/Japan-WG-General/tree/master/Compliance-Tooling/FOSSology/Hands-on 
  4. https://github.com/fossology/FOSSologySlides 
  5. https://lists.openchainproject.org/g/japan-sg-tooling/message/15 
  6. https://github.com/fossology/fossology/pull/1408 
  7. https://github.com/fossology/atarashi/ 
  8. https://spdx.org/ids 

OpenChain Webinar #8 – Compliance @ GitLab – 5pm Pacific, July 20th

By Featured, News

We are taking a look at how GitLab addresses compliance for this webinar. Mo Khan, Senior Backend Engineer, will explain the approach offered to users and explain why it works. One of the most interesting things we can explore is how it all works with CI/CD.

We will allow plenty of time for questions and comments, so this is a perfect webinar to start engaging with the OpenChain community.

Get an overview of the GitLab approach

Learn more about Mo

Take Part in the Webinar

Join Our Zoom Meeting

https://zoom.us/j/9990120120

Password

* 123456

One Tap Telephone (no screensharing)

* +358 9 4245 1488,,9990120120# Finland
* +33 7 5678 4048,,9990120120# France
* +49 69 7104 9922,,9990120120# Germany
* +852 5808 6088,,9990120120# Hong Kong
* +39 069 480 6488,,9990120120# Italy
* +353 6 163 9031,,9990120120# Ireland
* +81 524 564 439,,9990120120# Japan
* +82 2 6105 4111,,9990120120# Korea
* +34 917 873 431,,9990120120# Spain
* +46 850 539 728,,9990120120# Sweden
* +41 43 210 71 08,,9990120120# Switzerland
* +44 330 088 5830,,9990120120# UK
* +16699006833,,9990120120# US (San Jose)
* +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

Check out all our previous webinars