AboutCode is holding a one-day workshop for open source compliance tooling developers and users on the fringe of FOSDEM 2023. You probably know Philippe Ombredanne from ScanCode, who is a key driver behind this. It takes place Friday, February 3, 2023, 9:00 AM – 5:00 PM (UTC+01:00).
Event structure as per their website:
Which tools is this about? FOSS tools for software provenance detection tools, license detection and compliance tools, code scanning tools, package dependency analysis tools, container analysis tools, SBOM creation and consumption tools, and license or vulnerability databases.
Basically all the tools you need to figure out which FOSS code you use, where it is from, what is its license, how to comply with the license, and whether it contains vulnerable code. We organized this workshop last in 2020 (pre-COVID) and there were developers from the ORT, ScanCode, ClearlyDefined, FOSSology, Tern, VulnerableCode, SW360, DoubleOpen and OpenChain projects, and users from the finest organizations, technology and industrial companies worldwide. Whether you are a developer or user interested in the Software Supply Chain and SBOMs, a FOSS license-savvy lawyer, a compliance or security analyst, or an OSPO member: you will be warmly welcomed.
The day will be split in two:
• In the morning, the focus is on tool developers: they will announce and share their plans and we will discuss opportunities for collaboration, sharing and joint projects.
• In the afternoon, the focus is on tool users: they will share their concerns, problems and requirements and we will discuss opportunities for collaboration and address these in the represented projects.