
Continuous License Compliance-Analysis

Awesome Incremented
July 09, 2018


Transcript

  1. Automated License Compliance Analysis
  2. The cost of open source licensing compliance

    Proper licensing and copyright compliance, implemented as part of the normal QA process, can yield savings of between 40% and 65%, relative to the potential costs of non-compliance. [ GitPitch @ github/mkoertgen/license.automation ]
  3. Some Terminology

    Software Asset Management (SAM)
    Software Composition Analysis (SCA)
  4. Managing Open Source Licensing

    Do nothing
    Developer training and project planning
    Post-dev license analysis and correction
    Periodic assessment, automated
    Real-time preventive assistance at developer workstation
  5. Types of Software Components

    Source Code
    Dependencies
    Services
  6. Deep Code Scanning

    Example: Scan for license notice, similar code (active research)

    This file is part of Foobar. Foobar is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as publi ...
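The slide shows the kind of header a deep code scan looks for: a GPL notice embedded in a source file, which on its own changes the licensing of the product that ships it. As an added example (Python, not code from the deck or from the license.automation project), the scanner below reads file headers, prefers an SPDX-License-Identifier tag when one is present, otherwise matches distinctive notice phrases, and then checks each result against a permissive-only policy. The sample files, the policy and the phrase catalog are constructed for illustration; a production scanner matches against the full SPDX license texts and uses similarity scoring for edited notices.

```python
"""Scan source-file headers for license notices and check them against a
policy. Added example; not code from the license.automation project."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# An SPDX short-form tag is unambiguous, so it takes precedence over free text.
SPDX_TAG = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)")

# Distinctive phrases from common notices, most specific first so that
# "version 3 ... any later version" is not mistaken for "version 3" only.
# Constructed for this example; a production scanner matches against the
# full SPDX license texts and uses similarity scoring for edited notices.
NOTICE_PATTERNS = [
    ("LGPL-2.1-or-later", r"GNU Lesser General Public License.*?version 2\.1.*?any later version"),
    ("GPL-3.0-or-later",  r"GNU General Public License.*?version 3.*?any later version"),
    ("GPL-3.0-only",      r"GNU General Public License.*?version 3"),
    ("GPL-2.0-or-later",  r"GNU General Public License.*?version 2.*?any later version"),
    ("GPL-2.0-only",      r"GNU General Public License.*?version 2"),
    ("Apache-2.0",        r"Licensed under the Apache License, Version 2\.0"),
    ("MIT",               r"Permission is hereby granted, free of charge"),
    ("BSD-3-Clause",      r"Redistribution and use in source and binary forms.*?Neither the name"),
]
COMPILED = [(spdx, re.compile(pat, re.S | re.I)) for spdx, pat in NOTICE_PATTERNS]

# Policy for a proprietary product: permissive licenses only. Constructed.
ALLOWED: Set[str] = {"MIT", "Apache-2.0", "BSD-3-Clause"}


@dataclass
class Finding:
    path: str
    license: str  # SPDX identifier, or "UNKNOWN" when no notice is recognised
    status: str   # "ok", "violation" or "unknown"


def detect_license(text: str) -> str:
    """Return the SPDX identifier of the notice found in a file, else UNKNOWN."""
    tag = SPDX_TAG.search(text)
    if tag:
        return tag.group(1)
    for spdx, pattern in COMPILED:
        if pattern.search(text):
            return spdx
    return "UNKNOWN"


def audit(files: Dict[str, str], allowed: Set[str]) -> List[Finding]:
    """Classify every file: allowed, a policy violation, or no notice at all.
    Files without a notice are reported separately because 'no license' is
    not 'free to use'; they need a human decision, not silent acceptance."""
    findings = []
    for path, text in sorted(files.items()):
        lic = detect_license(text)
        status = "unknown" if lic == "UNKNOWN" else ("ok" if lic in allowed else "violation")
        findings.append(Finding(path, lic, status))
    return findings


# Constructed sample headers standing in for a checked-out repository.
SAMPLE_FILES = {
    "src/foobar.c": (
        "/* This file is part of Foobar.\n"
        " * Foobar is free software: you can redistribute it and/or modify it\n"
        " * under the terms of the GNU General Public License as published by\n"
        " * the Free Software Foundation, either version 3 of the License, or\n"
        " * (at your option) any later version. */\n"
        "int main(void) { return 0; }\n"
    ),
    "src/util.py": (
        "# Copyright (c) 2018 Example\n"
        "# Permission is hereby granted, free of charge, to any person obtaining\n"
        "# a copy of this software ...\n"
    ),
    "web/client.js": "// Licensed under the Apache License, Version 2.0 (the \"License\");\n",
    "vendor/hash.h": "// SPDX-License-Identifier: BSD-3-Clause\n",
    "tools/build.go": "package main\n",  # no notice at all
}


if __name__ == "__main__":
    for f in audit(SAMPLE_FILES, ALLOWED):
        print(f"{f.status:9} {f.license:18} {f.path}")
```

Run against the sample set, the GPL header from the slide is the one policy violation, the file with no notice is flagged for review rather than passed, and the three permissive files are accepted. Pattern order matters: the "or later" variants must be tested before the "only" variants, since every "or later" notice also contains the shorter phrase.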
  7. STEP 1. Deploy license scanner

    Using git:
    git clone https://github.com/mkoertgen/license.automation.git
    cd license.automation
    docker-compose up -d
  8. STEP 2. Add webhook (GitHub)

    Settings -> Webhook -> Add webhook
  9. STEP 2. Add webhook (GitLab)

    Settings -> Integration
  10. STEP 3. View dashboard

    Review licenses in Kibana dashboard
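Step 2 points the repository at the scanner's HTTP endpoint, which means anyone who learns that URL can post a payload to it. Both hosting platforms give the receiver a way to tell a real push from a forged one, and a scanner that clones whatever URL arrives in the payload should insist on it. As an added example (Python, not code from the deck or from the license.automation project), the receiver below checks GitHub's X-Hub-Signature-256 header, an HMAC-SHA256 of the raw body keyed with the webhook secret, and GitLab's X-Gitlab-Token header, which carries the configured secret token verbatim, before it reads the clone URL and commit out of a push event. The secrets, hostnames and payloads are constructed for illustration and reduced to the fields the code uses.

```python
"""Authenticate repository webhooks before they trigger a license scan.
Added example; not code from the license.automation project."""
import hashlib
import hmac
import json
from typing import Dict, Optional


def sign_github(secret: bytes, body: bytes) -> str:
    """Produce the value GitHub puts in X-Hub-Signature-256: HMAC-SHA256 of
    the raw request body keyed with the webhook secret, hex-encoded."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github(secret: bytes, headers: Dict[str, str], body: bytes) -> bool:
    """True only if the signature header matches the body; any edit to the
    payload or a wrong secret changes the digest."""
    presented = headers.get("X-Hub-Signature-256", "")
    expected = sign_github(secret, body)
    # compare_digest is constant-time; a plain == leaks timing information.
    return hmac.compare_digest(expected.encode(), presented.encode())


def verify_gitlab(secret: bytes, headers: Dict[str, str]) -> bool:
    """GitLab does not sign the body: it sends the configured secret token
    verbatim in X-Gitlab-Token, so the check is a constant-time equality."""
    presented = headers.get("X-Gitlab-Token", "")
    return hmac.compare_digest(secret, presented.encode())


def scan_request(headers: Dict[str, str], body: bytes,
                 github_secret: bytes, gitlab_secret: bytes) -> Optional[dict]:
    """Return what to scan (clone URL and commit) for an authenticated push
    event, or None. Authentication is checked before the body is parsed, so
    an unauthenticated caller never reaches the JSON decoder."""
    if "X-GitHub-Event" in headers:
        if not verify_github(github_secret, headers, body):
            return None
        if headers["X-GitHub-Event"] != "push":
            return None
        event = json.loads(body)
        return {"clone_url": event["repository"]["clone_url"], "commit": event["after"]}
    if "X-Gitlab-Event" in headers:
        if not verify_gitlab(gitlab_secret, headers):
            return None
        if headers["X-Gitlab-Event"] != "Push Hook":
            return None
        event = json.loads(body)
        return {"clone_url": event["project"]["git_http_url"], "commit": event["after"]}
    return None


# Constructed secrets and payloads, cut down to the fields used above.
GITHUB_SECRET = b"example-github-webhook-secret"
GITLAB_SECRET = b"example-gitlab-secret-token"
COMMIT = "0123456789abcdef0123456789abcdef01234567"

GITHUB_BODY = json.dumps({
    "ref": "refs/heads/master",
    "after": COMMIT,
    "repository": {"clone_url": "https://github.com/example/foobar.git"},
}).encode()
GITHUB_HEADERS = {
    "X-GitHub-Event": "push",
    "X-Hub-Signature-256": sign_github(GITHUB_SECRET, GITHUB_BODY),
}

GITLAB_BODY = json.dumps({
    "ref": "refs/heads/master",
    "after": COMMIT,
    "project": {"git_http_url": "https://gitlab.example.com/example/foobar.git"},
}).encode()
GITLAB_HEADERS = {
    "X-Gitlab-Event": "Push Hook",
    "X-Gitlab-Token": GITLAB_SECRET.decode(),
}


if __name__ == "__main__":
    print(scan_request(GITHUB_HEADERS, GITHUB_BODY, GITHUB_SECRET, GITLAB_SECRET))
    print(scan_request(GITLAB_HEADERS, GITLAB_BODY, GITHUB_SECRET, GITLAB_SECRET))
    # A payload altered in transit fails the GitHub signature check.
    print(scan_request(GITHUB_HEADERS, GITHUB_BODY.replace(b"foobar", b"evil"),
                       GITHUB_SECRET, GITLAB_SECRET))
```

The GitHub check must run over the raw request bytes exactly as received; re-serialising the parsed JSON before hashing produces a different digest and rejects every legitimate delivery. Because GitLab's token is a shared secret rather than a signature over the body, it authenticates the sender but not the payload, so transport security (HTTPS to the scanner) matters more in that configuration.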
  11. Costs of Licensing Policy Violations

    $20,000: cost of licensing non-compliance discovered in the field
    $1,500: cost of licensing non-compliance discovered during QA
    $40: cost to fix a policy violation at the developer's workstation
  12. Observations from Analysis Scenarios

    The larger the project, the higher the probability of compliance violations.
    Ignoring licensing compliance can be costly, and it is difficult to put an upper limit on the cost of shipping non-compliant software.
    Corrective analysis, using automated tools periodically or during QA, reduces overall cost significantly.
  13. Questions?

    Reach out: @mkoertg, mkoertgen, @marcel.koertgen