Eclipse Apoapsis - Open Source based Software Composition Analysis at scale - OCX 2024

Published on 2024-11-14 ● Video Link: https://www.youtube.com/watch?v=oZBByfgyhNM





Creating and processing SBOMs at scale based on Open Source solutions: an introduction to the new Eclipse Foundation project Apoapsis (see also https://projects.eclipse.org/projects/technology.apoapsis), which provides a server concept for running continuous Software Composition Analysis across a large number of heterogeneous repositories. The talk will show the general setup for continuously generating your SBOMs and reports, and give the status of the published reference implementation, the "ORT-Server", which interacts with the OSS Review Toolkit.

Diversity and agility are high values in the software community. Diversity and agility in software development processes and tools are a challenge for automation, though. Accurate Software Composition Analysis is an important capability for keeping transparency throughout the software lifecycle, and it is the basis for fulfilling important non-functional requirements in the business context (e.g. SBOM creation, vulnerability tracking, license compliance, etc.).

To handle automation with both aspects, accurate Software Composition Analysis as well as heterogeneous and agile environments, the Abstraction Layer for Software Composition Analysis (ALSCA) of the new Eclipse Foundation Apoapsis Project plays an important role. The Eclipse Apoapsis project consolidates the requirements from the tooling side on the one hand and the requirements from the institutionalized operation side in medium to large organizations on the other hand. Concerning specifications and wording, it will be based on the capability map created by the Open Chain Tooling Group in the context of Open Source Management (https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/master/Tooling-Landscape/CapabilityMap).

The Eclipse Apoapsis project provides blueprints for running central Software Composition Analysis pipelines at scale while covering a large range of project setups (e.g. from mobile apps using CocoaPods to cloud services using Java/Maven) and a configurable extent of analysis (e.g. from mere SBOM creation to full-blast dependency analysis including vulnerabilities and copyright/license reports). To achieve this, the ORT-Server is based on the OSS Review Toolkit and makes use of its integration APIs for dependency analysis, license scanning, vulnerability databases, rule engine, and report generation. The Eclipse Apoapsis project itself will concentrate on the server functionality, including user and role management and the necessary APIs.






