2019-09-25 OSR WG Meeting Notes

09/25/2019 10AM EST

Attendees

Name | Organization | Github ID
Aaron Williamson | FINOS |
Aitana Myohl | FINOS |
Rob Underwood | FINOS |
Tosha Ellison | FINOS |
Gilles Gravier | Wipro |
Gaurav Parakh | Wipro |
Colin Eberhardt (He/Him) | Scott Logic |
Rich Heironomous | Freddie Mac |

Agenda

Time | Item | Who | Notes from the Meeting
5 min | Convene & roll call | |
30 min | Open source tooling review | Aaron Williamson |

The group reviewed the open source compliance tools presented over the last several meetings (SW360, FOSSology, Quartermaster, OSS Review Toolkit) in the context of the broader compliance toolchain model below, discussing:

  • the role of tooling in the larger open source compliance process
  • considerations for choosing whether to build (with open source components) or buy a compliance solution
  • different approaches to various aspects of compliance (e.g. scanning versus dependency mapping)
  • participants' experiences with different tools, workflows, and vendors.

It was suggested that FINOS lead efforts to:

  • gather comparative data on different open source compliance vendors and their offerings
  • produce information describing discrete open source compliance workflows for common use cases and covering the tools available for each
  • produce a short whitepaper on the specific risks open source compliance processes are meant to control for, how to evaluate them, what common antipatterns are, etc.



10 min | OSS process roadblock problem-solving | All | There was a brief discussion of where members have experienced friction in building out their open source programs and of potential solutions.
5 min | Any other business & adjournment | |



Decisions Made

N/A

Action Items


Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.