2019-10-09 OSR WG Meeting Notes


10/09/2019 10AM EST

Attendees

Name (Organization):

  • @Aaron Williamson (FINOS)

  • @Tosha Ellison (FINOS)

  • Reza Alavi (Wipro)

  • Gaurav Parakh (Wipro)

  • Vanessa Silva (Itau)

  • Sally Ellard (Deutsche Bank)

  • Gilles Gravier (Wipro)

  • Rich Heironimus (Freddie Mac)

  • @Rob Underwood (Deactivated) (FINOS)

Agenda

5 min: Convene & roll call (@Aaron Williamson)

30 min: Defining compliance workflows (@Aaron Williamson)

Every open source compliance program performs the same basic compliance processes, such as:

  • evaluating new open source components for inclusion in projects

  • reviewing products for open source compliance before release

  • reviewing external open source contributions

In this meeting, the group discussed how best to capture the high-level functional requirements of common compliance tasks, with an eye toward documenting and standardizing them. We looked at two different ways to document a workflow for performing automated compliance checks via CI/CD:

  • Example 1 is a written workflow drafted by @Aaron Williamson for this discussion

  • Example 2 is a workflow diagram produced by the OpenChain Open Source Tooling Group (and generated from source code written using the PlantUML diagram definition language)

Both examples refer to the functional components of open source compliance infrastructure documented in the diagram below and further explained in this glossary.

10 min: Open discussion (All)

Opportunity for participants to raise issues for discussion or ask questions of the group

5 min: Any other business & adjournment

Decisions Made

N/A

Action Items