Table of Contents

Date/Time

Wednesday, 2019-09-11, 12am ET

Description	Assignee	Task appears on
Next ODP meeting notes onto GitHub; check examples: https://github.com/tc39/notes , https://github.com/emberjs/core-notes , https://github.com/reactiveui/meeting-minutes , https://github.com/nteract/meeting-minutes , https://github.com/finos/voice-metadata-standard/wiki		2019-12-18 ODP WG Meeting notes
Create an issue template for new ODP suggestion into https://github.com/finos/open-developer-platform/issues (see cloud service certification as example		2019-12-18 ODP WG Meeting notes
Create epic with the workflow proposed by OSR /cc James McLeod (Unlicensed)	James McLeod (Unlicensed)	2019-10-9 ODP WG Meeting notes
GitHub consolidation docs on handbook - INT-748 - Getting issue details... STATUS		2019-08-28 ODP WG Meeting notes
GitHub Actions spike for license scanning - ODP-10 - Getting issue details... STATUS (see https://github.com/finos/odp-test/blob/master/.github/workflows/fossa-cli.yml)		2019-08-28 ODP WG Meeting notes
Add docs to GitHub consolidation re. security checks on GitHub		2019-08-14 ODP WG Meeting notes

Time	Item	Who	Notes from the Meeting
5 mins	Convene & Roll Call	Former user (Deleted)
5 mins	Welcome James!	James McLeod (Unlicensed)	James is the new FINOS Community Director
10 mins	FOSSA		Question on reporting format: does fossa-cli use a fossa-generated format, or is this following one of the standard BOM formats being developed by the community for greater reuse? See ODP-10 - Getting issue details... STATUS and https://gist.github.com/maoo/40a4f7a9df8315290a1b0c347dd018da Discuss mao proposal for FOSSA GitHub Action, see below
15 mins	WhiteSource Webinar on Wednesday November 6	Maurizio Pillitu	Update FINOS calendar to "merge" ODP WG call with WhiteSource webinar (Wednesday November 6) - OK from Brian. Engage with members and invite them to attend Great opportunity to socialize WhiteSource solution across FINOS community Teaser for WhiteSource sessions at OSSF
5 mins	Retrospective on current sprint	Group
10 mins	Next Sprint priorities	Group
10 mins	Backlog scrubbing	Group
5	AOB & adjourn	Group

Build a standard GitHub action that reacts on commits and Pull Requests (PRs) on a given GitHub repository, called FOSSA GitHub Action.

Every time that a commit is pushed or a PR is merged, the FOSSA GitHub Action is triggered, the action

Reads the FOSSA_API_KEY (encrypted) environment variable, containing the key of FINOS account
Invokes "fossa init" and "fossa report licenses --json", generating a JSON payload with all library and license definitions
Parses the generated JSON (on step 5) and builds a report with

List of libraries with compatible licenses (and the compatible license that applies)
List of libraries with incompatible licenses
List of libraries with unknown licenses

Format the report in Markdown and post on a new github issue. If the action was triggered by a PR, the check will succeed or fail based on the amount of incompatible /unknown licenses found