Eclipse sw360 Web Application for managing software Bill-Of-Material, FASTEN Virtual Workshop, April 8, 2021
0 likes99 views
The document elaborates on the SW360 project, a software component catalog aimed at managing and documenting third-party software components, including licensing and dependencies. It provides solutions to mapping challenges among various systems by creating a central database for component names and connections. Additionally, it details its deployment specifications, history, and recent updates such as new integrations and features in its software infrastructure.
Eclipse sw360 Web Application for managing software Bill-Of-Material, FASTEN Virtual Workshop, April 8, 2021
- 1. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 SW360 Introduction Eclipse SW360 – Managing Software Bill-of-Material
- 2. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 2 Handling of Software Components IT today talks about components Involving different systems Code Quality Checker Source Code Scanner Artefact Repository License Scanner Project BOM Management
- 3. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 3 Problem: not 1-to-1 but many-to-many Mapping effort for all component managing systems Will multiply for new systems Code Quality Checker Source Code Scanner Artefact Repository License Scanner Project BOM Management
- 4. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 4 Solution: Phonebook for Components Central database for names for software components Connect systems to talk to each other Like person directory for IT systems in company already Code Quality Checker Source Code Scanner Artefact Repository License Scanner Project BOM Management
- 5. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 5 Product A Product A Product B Product B Project 1 Project 1 SW360 is a 3rd party software component catalogue Assigns 3rd party components to products or projects Basic Case Goals and Benefits • Reuse information about components • Coordinate product documentation process • Support software clearing A A B B C C H H C C H H I I J J E E A A B B C C D D E E F F G G H H I I J J … …
- 6. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 6 Main Use Case 1: Component Inventory Database ∙It is about Components in use: for all others, Internet can do better ∙OSS Licensing: collect analysed licensing information (and reuse analyses) ∙Not OSS only: internal components, commercial, freeware Collect Information about Components
- 7. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 7 Main Use Case 2: Software Bill of Material (SBOM) ∙Scanning for Licenses: other tools can do this better ∙Collecting Vulnerabilities: Sourcing vulnerabilities: already done by tools as well ∙Analyse Dependencies: ∙Good tools available to analyse packages, dependencies, third party software etc. SW360: Only Bill of Material, not Antenna O.R.T. Your own scripts FOSSology CVE search More analysis tools sw360 REST API
- 8. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 8 • About 40.000 releases • About 8000 products and projects • About 8k users at least one time logged in, about 200 users every day Deployment • 32GB of RAM, 2TB file system • IT security conformant hosting according to IT security classification: ● DMZs, certificate based login ● What would be a data security classification in your organisation? Example for SW360 Running Productive SW360 Today
- 9. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 9 • Vagrant-based setup at https://github.com/sw360/sw360vagrant • Docker-based under testing at https://github.com/sw360/sw360chores • Deployment info at: https://github.com/eclipse/sw360/wiki Documentation • Markdown based • REST API Docs • Documents linked on every footer of the page Deployment How to Run?
- 10. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 10 ○ September 2015: Initial release under github.com/sw360/sw360portal ○ November 2018: SW360 3.3: first release under Eclipse project space ○ 6.0: New FOSSology integration (REST instead of SSH) ○ 7.0: Relicensing to EPL-2.0 ○ 9.0: Changelog for records, custom fields ○ 11.0: Java 11, Liferay 7.3 ○ 12.1: improved obligations ○ 13.1: SW360 client Release History (selection) SW360 History
- 11. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 11 • SPDX import for Bill-of-Material (very basic, but working) • FOSSology scans can be triggered via SW360 REST API • SW360 in Japanese and Vietnamese! • We mentioned the change log: very important for a collaborative group • A lot of new REST endpoints including search, attachment handling • Documents linked on every footer of the page • Improving custom fields and external ids • sw360 Client Library in Java • Work-in-progress: integration with Open Source Review Toolkit New features since our last presentation ere New Since Last Year
- 12. SW360 Project CC-BY-SA 4.0 FASTEN Project Workshop 2021 12 Thank you for your attention! CC-BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/ Internet https://www.eclipse.org/sw360/ Github https://github.com/eclipse/sw360 https://github.com/sw360/sw360slides Further Links https://www.spdx.org https://www.fossology.org Title picture released by Kai Stachowiak under CC0-1.0 at https://publicdomainpictures.net/en/view-image.php? image=312825&picture=networking