SlideShare a Scribd company logo

FOSSLight Open Source Project

Shane Coughlan, profile picture
Shane Coughlan

FOSSLight is an open source project that provides an all-in-one tool and system for open source compliance and vulnerability management. It includes scanners to detect open source components in source code, dependencies, and binaries. It also provides features for bill of materials management, open source notices, and OpenChain conformance. The FOSSLight project is available on GitHub and aims to help software teams streamline their open source governance process.

Software
1 of 30
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
FOSSLight Open Source Project 2021. 7. 6. Kyoungae Kim OpenChain Webinar
1 / 29 Contents 1. What is FOSSLight? 2. Why FOSSLight System? 3. FOSSLight Open Source Project
What is FOSSLight?
3 / 29 LGE OSC Process WE NEED A TOOL & SYSTEM
4 / 29 OSPO SW development team LGE OSC Process & FOSSLight Step1. Identification Step 4. Distribution Step 2. Approval Step 3. Notice & Verification Analyze open source Request for analysis review Create OSS Package OSS Package Distribute OSS distribution site Notice OSS Notice & OSS Package Notice OSS Notice Review OSS Package Review analysis result BOM OSS BOM & Obligation OSS report FOSSLight report FOSSLight Scanner FOSSLight FOSSLight Open Source Project Software
5 / 29 FOSSLight Scanner Dependency Binary Source Code Source Scanner Dependency Scanner Binary Scanner Android Yocto Platform specific npm pip maven gradle pods ∙∙∙ ScanCode
6 / 29 OSS License Vulnera bility 3rd Party Project Self check Rest API CI/CD FOSSLight System  All-in-one Open Source Compliance & Vulnerability Project OSC Process License / OSS Vulnerability 3rd Party Project 3rd Party OSS Management Self-Check Check OSS, License, Vulnerability without OSPO Review
7 / 29 FOSSLight Source Scanner  Detect Copyright & License text  String Search  Use ScanCode  Cannot find OSS Name  https://github.com/fosslight/fosslight_source_scanner
8 / 29 FOSSLight Dependency Scanner  Print OSS information based on dependencies.  Available Package Manager  Gradle (Java/Android)  Maven (Java)  NPM (Node.js)  Pypi (Python)  Pub (Dart with flutter)  Cocoapods (Swift/Obj-C)  Direct Dependency & Transitive Dependency  https://github.com/fosslight/fosslight_dependency_scanner
9 / 29 FOSSLight Release soon..  FOSSLight Binary Scanner  Doesn’t scan binary itself.  Just calculate checksum(same) and TLSH(similar)  Compare with Binary DB Information and extract OSS Information  FOSSLight REUSE  Reuse (https://github.com/fsfe/reuse-tool)  Check Copyright/License writing rules in Source Code
Why FOSSLight System ?
11 / 29 Project Dashboard
12 / 29 BOM Management (1/2) https://linuxfoundation.org/blog/what-is-an-sbom/
13 / 29 BOM Management (2/2)
14 / 29 BOM Compare
15 / 29 Same OSS (Nickname)
16 / 29 Same OSS (Nickname)
17 / 29 Same License (Nickname)
18 / 29 Support Various OSS Notice Format
19 / 29 Communication
20 / 29 OpenChain Conformance
FOSSLight Open Source Project
22 / 29 FOSSLight Open Source Project FOSS (Free and Open Source Software) + Light
23 / 29 FOSSLight  https://FOSSLight.org  https://demo.FOSSLight.org  https://FOSSLight.org/fosslight-guide
24 / 29 FOSSLight Press Release
25 / 29 Github Star
26 / 29 FOSSLight Roadmap FOSSLight Source Scanner FOSSLight System FOSSLight Binary Scanner FOSSLight Reuse FOSSLight Dependency Scanner 2021 1Q 2021 2Q 2021 3Q
27 / 29 FOSSLight Contribution Items  Identification Input : SPDX, other scanner result  Distribution Implementation  Integration with Open Database (ex. Software Heritage)  Test Automation
28 / 29 Your attention, please. Thank YOU !!
29 / 29 Appendix. FOSSLight Sticker Image Candidates

More Related Content

PDF
SBOM, Is It 42?
Bill Bensing
 
PDF
Pen-Testing with Metasploit
Mohammed Danish Amber
 
PPTX
Cyber Threat Intelligence.pptx
AbimbolaFisher1
 
PPTX
DAST, SAST, Hybrid, Hybrid 2.0 & IAST - Methodology & Limitations
iAppSecure Solutions
 
PPTX
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
PPTX
Detection Rules Coverage
Sunny Neo
 
PPTX
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
PPTX
Dragos S4x20: How to Build an OT Security Operations Center
Dragos, Inc.
 
SBOM, Is It 42?
Bill Bensing
 
Pen-Testing with Metasploit
Mohammed Danish Amber
 
Cyber Threat Intelligence.pptx
AbimbolaFisher1
 
DAST, SAST, Hybrid, Hybrid 2.0 & IAST - Methodology & Limitations
iAppSecure Solutions
 
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
APNIC
 
Detection Rules Coverage
Sunny Neo
 
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos, Inc.
 

What's hot (20)

PPTX
Vapt pci dss methodology ppt v1.0
Network Intelligence India
 
PDF
Final Project Report-SIEM
Rangan Yoga
 
PDF
F5 Web Application Security
MarketingArrowECS_CZ
 
PPTX
Threat Hunting with Splunk Hands-on
Splunk
 
PDF
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Bangladesh Network Operators Group
 
PDF
Threat Hunting with Splunk
Splunk
 
PDF
Threat Hunting
Splunk
 
PPTX
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
PPTX
F5 - BigIP ASM introduction
Jimmy Saigon
 
PDF
Patch and Vulnerability Management
Marcelo Martins
 
PDF
Edge architecture ieee international conference on cloud engineering
Mikey Cohen - Hiring Amazing Engineers
 
PPT
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
PDF
Super Easy Memory Forensics
IIJ
 
ODP
OWASP Secure Coding
bilcorry
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
PPTX
Security Champions - Introduce them in your Organisation
Ives Laaf
 
PDF
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
PPTX
Cyber Defense Matrix: Revolutions
Sounil Yu
 
PDF
Cyber Kill Chain Deck for General Audience
Tom K
 
PPTX
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Vapt pci dss methodology ppt v1.0
Network Intelligence India
 
Final Project Report-SIEM
Rangan Yoga
 
F5 Web Application Security
MarketingArrowECS_CZ
 
Threat Hunting with Splunk Hands-on
Splunk
 
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Bangladesh Network Operators Group
 
Threat Hunting with Splunk
Splunk
 
Threat Hunting
Splunk
 
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
F5 - BigIP ASM introduction
Jimmy Saigon
 
Patch and Vulnerability Management
Marcelo Martins
 
Edge architecture ieee international conference on cloud engineering
Mikey Cohen - Hiring Amazing Engineers
 
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Super Easy Memory Forensics
IIJ
 
OWASP Secure Coding
bilcorry
 
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Security Champions - Introduce them in your Organisation
Ives Laaf
 
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Cyber Defense Matrix: Revolutions
Sounil Yu
 
Cyber Kill Chain Deck for General Audience
Tom K
 
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Ad

Similar to FOSSLight Open Source Project (20)

PDF
Fedora Modularity
Adam Šamalík
 
PPTX
Open Source Software Concepts
JITENDRA LENKA
 
PPTX
2nd
Erm78
 
PPTX
2nd
Erm78
 
PDF
Introduction to FOSS
mgamal87
 
PDF
Intro to FOSS
mgamal87
 
PDF
Cape Cod Web Technology Meetup - 3
Asher Martin
 
KEY
Using Open Source for Enterprise
Eric Fesler
 
PDF
An Overview of the IHK/McKernel Multi-kernel Operating System
Linaro
 
ODP
Fos sintro pres-dav
Parin Sharma
 
ODP
Introduction to Free and Open Source Software (FOSS)
Dong Calmada
 
PDF
GoOpen 2010: Sandro D'Elia
Friprogsenteret
 
PPT
Asf icfoss-mentoring
Luciano Resende
 
ODP
Gup2011| open source
Outserve
 
ODP
Open Source Selection
Roberto Galoppini
 
PDF
An Open Source Workshop
halehmahbod
 
PDF
Build OTB with the SuperBuild
otb
 
ODP
Foss Presentation
Ahmed Mekkawy
 
PPTX
Hacktoberfest 2020 - Open source for beginners
DeepikaRana30
 
DOC
Report presentation
Zul Mazlan
 
Fedora Modularity
Adam Šamalík
 
Open Source Software Concepts
JITENDRA LENKA
 
2nd
Erm78
 
2nd
Erm78
 
Introduction to FOSS
mgamal87
 
Intro to FOSS
mgamal87
 
Cape Cod Web Technology Meetup - 3
Asher Martin
 
Using Open Source for Enterprise
Eric Fesler
 
An Overview of the IHK/McKernel Multi-kernel Operating System
Linaro
 
Fos sintro pres-dav
Parin Sharma
 
Introduction to Free and Open Source Software (FOSS)
Dong Calmada
 
GoOpen 2010: Sandro D'Elia
Friprogsenteret
 
Asf icfoss-mentoring
Luciano Resende
 
Gup2011| open source
Outserve
 
Open Source Selection
Roberto Galoppini
 
An Open Source Workshop
halehmahbod
 
Build OTB with the SuperBuild
otb
 
Foss Presentation
Ahmed Mekkawy
 
Hacktoberfest 2020 - Open source for beginners
DeepikaRana30
 
Report presentation
Zul Mazlan
 
Ad

More from Shane Coughlan (20)

PPTX
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
Shane Coughlan
 
PDF
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
Shane Coughlan
 
PPTX
OpenChain Korea Work Group Meeting - 2025-06-16
Shane Coughlan
 
PPTX
OpenChain Tooling Work Group - 2025-07-02
Shane Coughlan
 
PPTX
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
Shane Coughlan
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
Shane Coughlan
 
PDF
Open Chain Q2 Steering Committee Meeting - 2025-06-25
Shane Coughlan
 
PDF
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
Shane Coughlan
 
PPTX
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
Shane Coughlan
 
PPTX
OpenChain @ InnerSource Summit 2024 - 2024-11-20
Shane Coughlan
 
PPTX
OpenChain Korea Work Group Meeting #24 - 2024-11-26
Shane Coughlan
 
PDF
Compliance and Integrity in the Software Supply Chain with Software Heritage:...
Shane Coughlan
 
PDF
Fujitsu’s OSS standards conformance and AI Management System Standardization ...
Shane Coughlan
 
PPTX
OpenChain China Work Group Presentation @ OSCAR 2024
Shane Coughlan
 
PPTX
OpenChain Japan Community Day - 2024-10-17
Shane Coughlan
 
PPTX
ETRI EOST2024 Seoul Keynote - 2024-10-15
Shane Coughlan
 
PDF
OpenChain Webinar- The Role of Data in the Supply Chain of AI - 2024-10-10
Shane Coughlan
 
PDF
SBOM Implementation Reality - From Crawl to Walk, the SPDX Lite Profile for t...
Shane Coughlan
 
PPTX
OpenChain Webinar - AI Legal Landscape - Slides
Shane Coughlan
 
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
Shane Coughlan
 
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
Shane Coughlan
 
OpenChain Korea Work Group Meeting - 2025-06-16
Shane Coughlan
 
OpenChain Tooling Work Group - 2025-07-02
Shane Coughlan
 
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
Shane Coughlan
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
Shane Coughlan
 
Open Chain Q2 Steering Committee Meeting - 2025-06-25
Shane Coughlan
 
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
Shane Coughlan
 
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
Shane Coughlan
 
OpenChain @ InnerSource Summit 2024 - 2024-11-20
Shane Coughlan
 
OpenChain Korea Work Group Meeting #24 - 2024-11-26
Shane Coughlan
 
Compliance and Integrity in the Software Supply Chain with Software Heritage:...
Shane Coughlan
 
Fujitsu’s OSS standards conformance and AI Management System Standardization ...
Shane Coughlan
 
OpenChain China Work Group Presentation @ OSCAR 2024
Shane Coughlan
 
OpenChain Japan Community Day - 2024-10-17
Shane Coughlan
 
ETRI EOST2024 Seoul Keynote - 2024-10-15
Shane Coughlan
 
OpenChain Webinar- The Role of Data in the Supply Chain of AI - 2024-10-10
Shane Coughlan
 
SBOM Implementation Reality - From Crawl to Walk, the SPDX Lite Profile for t...
Shane Coughlan
 
OpenChain Webinar - AI Legal Landscape - Slides
Shane Coughlan
 

Recently uploaded (20)

PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
PDF
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PPTX
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
PPTX
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
PPTX
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PPTX
Custom Software Development Services.pptx.pptx
TVL IT Solutions
 
PDF
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
DOCX
Greta — No-Code AI for Building Full-Stack Web & Mobile Apps
niloyislam1187
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PDF
EaseUS PDF Editor Pro 6.2.0.2 Crack with License Key 2025
halimaanam8
 
PPTX
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
DOCX
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
PDF
Topaz Photo AI Crack New Download (Latest 2025)
hashmi66g66
 
PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
Tridens
 
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
Custom Software Development Services.pptx.pptx
TVL IT Solutions
 
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
Greta — No-Code AI for Building Full-Stack Web & Mobile Apps
niloyislam1187
 
assetexplorer- product-overview - presentation
nonameist3434
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
EaseUS PDF Editor Pro 6.2.0.2 Crack with License Key 2025
halimaanam8
 
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
Topaz Photo AI Crack New Download (Latest 2025)
hashmi66g66
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 

FOSSLight Open Source Project

  • 1. FOSSLight Open Source Project 2021. 7. 6. Kyoungae Kim OpenChain Webinar
  • 2. 1 / 29 Contents 1. What is FOSSLight? 2. Why FOSSLight System? 3. FOSSLight Open Source Project
  • 4. 3 / 29 LGE OSC Process WE NEED A TOOL & SYSTEM
  • 5. 4 / 29 OSPO SW development team LGE OSC Process & FOSSLight Step1. Identification Step 4. Distribution Step 2. Approval Step 3. Notice & Verification Analyze open source Request for analysis review Create OSS Package OSS Package Distribute OSS distribution site Notice OSS Notice & OSS Package Notice OSS Notice Review OSS Package Review analysis result BOM OSS BOM & Obligation OSS report FOSSLight report FOSSLight Scanner FOSSLight FOSSLight Open Source Project Software
  • 6. 5 / 29 FOSSLight Scanner Dependency Binary Source Code Source Scanner Dependency Scanner Binary Scanner Android Yocto Platform specific npm pip maven gradle pods ∙∙∙ ScanCode
  • 7. 6 / 29 OSS License Vulnera bility 3rd Party Project Self check Rest API CI/CD FOSSLight System  All-in-one Open Source Compliance & Vulnerability Project OSC Process License / OSS Vulnerability 3rd Party Project 3rd Party OSS Management Self-Check Check OSS, License, Vulnerability without OSPO Review
  • 8. 7 / 29 FOSSLight Source Scanner  Detect Copyright & License text  String Search  Use ScanCode  Cannot find OSS Name  https://github.com/fosslight/fosslight_source_scanner
  • 9. 8 / 29 FOSSLight Dependency Scanner  Print OSS information based on dependencies.  Available Package Manager  Gradle (Java/Android)  Maven (Java)  NPM (Node.js)  Pypi (Python)  Pub (Dart with flutter)  Cocoapods (Swift/Obj-C)  Direct Dependency & Transitive Dependency  https://github.com/fosslight/fosslight_dependency_scanner
  • 10. 9 / 29 FOSSLight Release soon..  FOSSLight Binary Scanner  Doesn’t scan binary itself.  Just calculate checksum(same) and TLSH(similar)  Compare with Binary DB Information and extract OSS Information  FOSSLight REUSE  Reuse (https://github.com/fsfe/reuse-tool)  Check Copyright/License writing rules in Source Code
  • 12. 11 / 29 Project Dashboard
  • 13. 12 / 29 BOM Management (1/2) https://linuxfoundation.org/blog/what-is-an-sbom/
  • 14. 13 / 29 BOM Management (2/2)
  • 15. 14 / 29 BOM Compare
  • 16. 15 / 29 Same OSS (Nickname)
  • 17. 16 / 29 Same OSS (Nickname)
  • 18. 17 / 29 Same License (Nickname)
  • 19. 18 / 29 Support Various OSS Notice Format
  • 21. 20 / 29 OpenChain Conformance
  • 23. 22 / 29 FOSSLight Open Source Project FOSS (Free and Open Source Software) + Light
  • 24. 23 / 29 FOSSLight  https://FOSSLight.org  https://demo.FOSSLight.org  https://FOSSLight.org/fosslight-guide
  • 25. 24 / 29 FOSSLight Press Release
  • 27. 26 / 29 FOSSLight Roadmap FOSSLight Source Scanner FOSSLight System FOSSLight Binary Scanner FOSSLight Reuse FOSSLight Dependency Scanner 2021 1Q 2021 2Q 2021 3Q
  • 28. 27 / 29 FOSSLight Contribution Items  Identification Input : SPDX, other scanner result  Distribution Implementation  Integration with Open Database (ex. Software Heritage)  Test Automation
  • 29. 28 / 29 Your attention, please. Thank YOU !!
  • 30. 29 / 29 Appendix. FOSSLight Sticker Image Candidates