Creation Review

Type
Creation
State
Successful
End Date of the Review Period

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.

Proposal

Eclipse SW360antenna

Thursday, February 8, 2018 - 15:02 by Johannes Kristan
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community.
Parent Project
Proposal State
Created
Background

Open source has arrived in the day-to-day software development of all kinds of organizations. However, to use open source software in a legally compliant and safe way, various precautions have to be taken and obligations have to be fulfilled. For example, many open source licenses require shipping the license text with the software or listing the copyright holders. Doing that manually is tedious and error-prone. Hence, tools like Eclipse SW360 have been created.

Today's software development moves at a high pace, with almost fully automated build pipelines and continuous deployment scenarios. To properly supply software development projects with compliance-related artifacts, those artifacts have to be provided in an automated way.

Scope

The Eclipse SW360antenna project provides tooling to generate compliance-related artifacts (disclosure document, source code bundle, written offer, etc.) directly within a build process. It relies on data that is provided by different sources, such as an SW360 instance.

Description

Eclipse SW360antenna is a tool to automate your open source license compliance processes as much as possible. In the end, that means

  •  collecting all compliance-relevant data,
  •  processing that data and warning if there might be any license compliance related issues, and
  •  generating a set of compliance artifacts (source code bundle, disclosure document, report)

for your project.

To reflect those three different types of tasks, SW360antenna is built around a workflow engine that orchestrates a set of analyzers to gather the required information, processors to arrange, adjust and evaluate that data, and a set of generators to produce a set of compliance-related artifacts. Since licensing issues can deeply affect the success of your project, you need to be notified about any issues as early as possible in the development process. It is therefore useful to generate that information directly within your build. SW360antenna can be integrated directly into the build process. This is realized with several so-called frontends to build systems, which invoke the tool and provide it with the necessary configuration.

The SW360antenna project is set up so that you can easily create a custom configuration with a preconfigured set of shipped and custom analyzers, processors and generators to fit the needs of your internal compliance processes. For example, you might use a commercial tool to analyze your dependencies and not rely on the results of the Maven dependency plugin. In that case you can provide a custom analyzer implementation, provide a custom configuration and bundle that as the tool that your development teams use to scan their projects.

Why Here?

Creating a project like SW360antenna to supplement Eclipse SW360 is the natural next step. SW360 is capable of collecting component information and making it available in a central place. What follows from that is tooling that actually uses that information in a build and thereby further automates the compliance processes in organizations.

Future Work

Next steps

  • Provide Gradle frontend
  • Enhance SW360 connector
  • Improve documentation and supporting material

Community work

  • Present project at conferences (EC France, BITKOM, ...)
  • Set up mailing list
  • Communicate availability in the already established network around Open Source Compliance Tooling

Project Scheduling

Q2/2018

  • provide initial contribution
  • legal check of initial contribution
  • set up public build infrastructure

Q3/2018

  • set up project page
  • first milestone release

Q4/2018

  • further feature implementation
Project Leads
Committers
Maximilian Huber (This committer does not have an Eclipse Account)
Johannes Kristan (This committer does not have an Eclipse Account)
Interested Parties

Bosch Software Innovations GmbH

Siemens AG

Endocode AG

Initial Contribution

The initial contribution will be the publicly releasable part of an internal tool (TINA Tool) that has already been in productive use for quite a while at Bosch Software Innovations GmbH. It consists of roughly 20 KLOC and is a Maven multi-module project.

Source Repository Type