2019-09-25 OSR WG Meeting Notes

09/25/2019 10AM EST

Attendees

Name                          | Organization | Github ID
Aaron Williamson              | FINOS        |
Aitana Myohl                  | FINOS        |
Rob Underwood                 | FINOS        |
Tosha Ellison                 | FINOS        |
Gilles Gravier                | Wipro        |
Gaurav Parakh                 | Wipro        |
Colin Eberhardt (He/Him)      | Scott Logic  |
Rich Heironomous              | Freddie Mac  |

Agenda

Convene & roll call (5 min), led by Aaron Williamson

Open source tooling review (30 min), led by Aaron Williamson

Notes from the meeting: The group reviewed the open source compliance tools presented over the last several meetings (SW360, FOSSology, Quartermaster, OSS Review Toolkit) in the context of the broader compliance toolchain model below, discussing:

  • the role of tooling in the larger open source compliance process
  • considerations for choosing whether to build (with open source components) or buy a compliance solution
  • different approaches to various aspects of compliance (e.g. scanning versus dependency mapping)
  • participants' experiences with different tools, workflows, and vendors.

It was suggested that FINOS lead efforts to:

  • gather comparative data on different open source compliance vendors and their offerings
  • produce information describing discrete open source compliance workflows for common use cases and covering the tools available for each
  • produce a short whitepaper on the specific risks open source compliance processes are meant to control for, how to evaluate them, what common antipatterns are, etc.

OSS process roadblock problem-solving (10 min), all attendees

Notes from the meeting: There was a brief discussion of where members have experienced friction in building out their open source programs, and of potential solutions.

Any other business & adjournment (5 min)

Decisions Made

N/A

Action Items

  • Aaron Williamson: draft proposed framework for comparing compliance offerings
  • Aaron Williamson: draft list of common open source compliance workflows
  • Aaron Williamson: schedule OSR discussion of OSS-related risk factors



Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.