Category

News

Webinar: VulnerableCode technical deep dive into VulnTotal

By automation, News, security, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how a tool called VulnTotal can help with open source security management.

Philippe Ombredanne from nexB led a technical deep dive into VulnTotal on the 7th of February 2023. The session covered VulnTotal, one aspect of the AboutCode Project, within which VulnerableCode provides tools to collect, aggregate and refine software vulnerability information from more than 20 sources and tools to quickly create new “importers”. VulnTotal came out of Google Summer of Code 2022:

VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)

VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #68, released on 2024-02-01. It was originally published as “Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal” on 2023-02-07.

Webinar: Digging Further Into SBOMs and the Supply Chain

By automation, licensing, News, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how a Software Bill of Materials (SBOM) like SPDX ISO/IEC 5962 can optimize operations in the supply chain by making manual or automated analysis more efficient and effective.

Get the Slides

This is OpenChain Webinar #67, released on 2024-02-01. It was originally published as “Automation Case Study #6 – Digging Further Into The Supply Chain” on 2021-12-09.

Webinar: SBOMs in a Virtual Supply Chain

By automation, licensing, News, standards, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This webinar explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source compliance.

Get the Slides

This is OpenChain Webinar #66, released on 2024-02-01. It was originally published as “Automation Case Study #5 – SBOMs in a Virtual Supply Chain” on 2021-11-24.

Webinar: How The Graphical Interface Can Help With Using TERN

By automation, licensing, News, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how TERN (a container scanner) works both with the graphical tool and when used on its own.

Get the Slides

This is OpenChain Webinar #65, released on 2024-02-01. It was originally published as “Automation Case Study #4 – How The Graphical Interface Can Help With Using TERN” on 2021-10-29.

Webinar: How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)

By automation, licensing, News, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how ORT (the Open Source Review Toolkit) works both with the graphical tool and when used on its own.

Get the Slides

This is OpenChain Webinar #64, released on 2024-02-01. It was originally published as “Automation Case Study #3 – How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)” on 2021-10-15.

Webinar: A New Open Source Graphical Interface For Tooling

By automation, licensing, News, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores the engineering behind the new graphical tool from Facebook/TNG that makes open source tooling easier to use.

Get the Slides

This is OpenChain Webinar #63, released on 2024-02-01. It was originally published as “Automation Case Study #2 – A New Open Source Graphical Interface For Tooling” on 2021-09-29.

Webinar: Contextualizing Tooling and Analysis

By automation, licensing, News, Webinar

The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.

Get the Slides

This is OpenChain Webinar #62, released on 2024-02-01. It was originally published as “Automation Case Study #1 – Contextualizing Tooling and Analysis” on 2021-09-22.

Webinar: FOSS License Management through aliens4friends in Eclipse Oniro

By automation, licensing, News, Webinar

Welcome to another OpenChain Webinar. This time our speakers are Alberto Pianon and Carlo Piana from ARRAY. They present the Open Source Management concept of Eclipse Oniro and explain how the audit policies for Oniro can uncover deeper insights into the identification of FOSS components and their respective license metadata. This webinar is part of a series by the OpenChain Automation Workgroup to provide insight into good practices for community-based IP audits. These good practices will be used to align on a community-wide approach to metadata curation as a base for sharing FOSS License Management Data.

Get The Slides

This is OpenChain Webinar #58, released on 2024-01-31.

OpenChain Newsletter #62

By Monthly Newsletter, News

Newsletter – Issue 62 – January 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

The OpenChain Project in 2023 – Annual Report

The OpenChain Project in 2024 – Where We Go Next

Outreach

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters: