Eclipse SW360 is a software catalogue application designed to provide a central place for sharing information about software components used by an organization. It is designed to neatly integrate into existing infrastructures related to the management of software artifacts and projects by providing separate backend services for distinct tasks and a set of portlets to access these services. A complete deployment unit exists (vagrant box or docker container) that contains a complete configuration of all services and portlets.
Currently SW360 comprises the following main use case areas:
- Component: Handling of information and processes related to components, e.g. name, vendor
- License: Handling of information regarding licenses, e.g. obligations, license texts etc.
- Project: handling of project information providing a context for the use of components.
- Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service.
as well as connectors to interact with external systems such as FOSSology or commercial code scan tools, e.g. to import data or trigger source code scan jobs.
Features at a glance
- Maintain component meta data such as involved licenses, name, project URL, involved contributors in organization, type of software, etc
- Attach all kinds of information including clearing reports, SPDX documents etc to components
- Store and retrieve license data and relate licenses with standardized obligations to ease comprehensibility of licenses for project (and guide projects responsible how to implement license obligations)
- Maintain project metadata and project BOM to put component’s use into context
- Notification if vulnerabilities exist for components
- Trigger clearing jobs for components in FOSSology
- Our vision is that SW360 will be the central hub in an organization to consolidate and share all meta information available about software components to help architects and developers to quickly make informed decisions about software components.
- Meta information of software components comprises legal information (license and copyright), software quality, project characteristics and health, security and project roles such as developers, supports and users.
- Fully integration in state of the art build / delivery infrastructure to realize continuous delivery of high quality software with all required artefacts (BOM, licenses, copyright information, etc)
- Build federations of SW360 instances to share selected information.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.