HOW TO UTILIZE OPEN SOURCE IN YOUR CODE BASE AND BUILD PROCESS. 2015 Black Duck Software, Inc. All Rights Reserved.



TODAY'S PRESENTERS
- Baruch Sadogursky, JFrog
- Dave Gruber, Black Duck

AGENDA
- Open source trends
- How automated binary management plays a key role in the process
- How to track and maintain continuous visibility of your open source utilization
- JFrog Artifactory and Black Duck Suite
- Suite/Artifactory integration
- Q&A

OPEN SOURCE TRENDS
[Chart: number of open source projects in the Black Duck KnowledgeBase, 2007 to 2015; y-axis from 0 to 1,500,000 projects.]

OPEN SOURCE IS APPROACHING A TIPPING POINT
- Faster release cycles: open source (Android): 3 months; closed source (Windows): 3 years
- Rate of innovation: mobile, cloud, big data
- Increasing co-opetition: mobile (Android), automotive (GENIVI), financial (Lodestone)

COMMUNITY AND CO-OPETITION
Financial services, mobile, healthcare, automotive, aerospace (Polarsys), infrastructure (The Apache Foundation, The Foundation)

EVOLVING DRIVERS OF FOSS ADOPTION

TOP 20 OPEN SOURCE LICENSES
Ranked according to the number of open source projects using the license.
- Top 10 licenses account for 93%
- Top 20 licenses account for 97%
- GPL family of licenses accounts for 53%
- Apache + BSD + MIT licenses account for 31%
Source: //www.blackducksoftware.com/oss/licenses#top20, January 2014

WHAT IS A BINARY REPOSITORY MANAGER?
[Slides 9 to 16: image-only slides under this heading.]

TRACKING AND MAINTAINING CONTINUOUS VISIBILITY OF YOUR OPEN SOURCE UTILIZATION

VISIBILITY
- How much OSS are we using? Are we leveraging enough?
- What components are important to my project? To my organization?
- What components are being used? In which apps? Which versions?

GAINING VISIBILITY INTO OSS USE
- Discover: code analysis; component approval process
- Catalog: tied into approval and analysis; track what's used in which applications
- Analyze: version proliferation analysis; popular projects and versions

USING SECURE COMPONENTS

SECURITY VULNERABILITIES
- Are there known security vulnerabilities in components that I want to use?
- Is anyone paying attention to vulnerability reports post-deployment?
- Are version updates available that resolve security vulnerabilities?

MONITORING THE NVDB (NATIONAL VULNERABILITY DATABASE)
Examples (as of February 14, 2014):
- Apache Tomcat: 125
- PHP: 340
- WordPress: 594
- Postgres: 102
- MySQL: 459

VERIFY, CATALOG AND MONITOR
1. Verify no vulnerabilities at selection and approval
2. Catalog all components in use (OSS catalog)
3. Monitor the NVDB against cataloged components
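The three steps above, as an added example that is not part of the presentation or of either vendor's products: a small Python catalog-and-monitor loop over constructed sample data (the application names, component names, versions and VULN-* ids are all made up), which also produces the version-proliferation report that the "Analyze" step earlier on the page calls for.

```python
from collections import defaultdict
# "Catalog" step: application -> [(component, version)]. Constructed sample.
CATALOG = {
    "billing-api": [("tomcat", "7.0.50"), ("mysql-connector", "5.1.28")],
    "web-portal": [("tomcat", "7.0.42"), ("wordpress-plugin-x", "1.2.0")],
    "reporting": [("tomcat", "8.0.1"), ("mysql-connector", "5.1.30")],
}
# Feed entries: (placeholder id, component, first affected, first fixed).
# First fixed is exclusive; None means no fixed release exists yet.
# Constructed sample; the ids are placeholders, not real advisories.
FEED = [
    ("VULN-0001", "tomcat", "7.0.0", "7.0.47"),
    ("VULN-0002", "mysql-connector", "5.1.0", "5.1.30"),
    ("VULN-0003", "wordpress-plugin-x", "1.0.0", None),
]

def vkey(version):
    """Dotted numeric version -> int tuple, so '7.0.9' sorts before '7.0.47'."""
    return tuple(int(p) for p in version.split("."))

def affected(version, first_affected, first_fixed):
    """True if version lies in the half-open range [first_affected, first_fixed)."""
    v = vkey(version)
    return v >= vkey(first_affected) and (first_fixed is None or v < vkey(first_fixed))

def version_proliferation(catalog):
    """'Analyze' step: component -> sorted distinct versions in use across apps."""
    seen = defaultdict(set)
    for comps in catalog.values():
        for name, ver in comps:
            seen[name].add(ver)
    return {n: sorted(vs, key=vkey) for n, vs in seen.items()}

def monitor(catalog, feed):
    """'Monitor' step: cross the catalog with the feed. Returns a list of
    (app, component, version, id, first_fixed); verifying one candidate at
    approval time is the same check run with a one-entry catalog."""
    hits = []
    for app, comps in catalog.items():
        for name, ver in comps:
            for vid, comp, lo, fixed in feed:
                if comp == name and affected(ver, lo, fixed):
                    hits.append((app, name, ver, vid, fixed))
    return hits

if __name__ == "__main__":
    for name, vers in version_proliferation(CATALOG).items():
        print(f"{name}: {len(vers)} version(s) in use: {', '.join(vers)}")
    for app, name, ver, vid, fixed in monitor(CATALOG, FEED):
        print(f"{app}: {name} {ver} hit by {vid}, fixed in {fixed or 'no release yet'}")
```

Re-running monitor() whenever the feed changes is the post-deployment monitoring the previous slide asks about; the None case is what keeps a component flagged until a fixed release actually exists.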

THE RIGHT LICENSE

WHAT IS A LICENSE?
- Permission by the owner of property to take some act that the owner has the ability to control due to their ownership of intellectual property rights
- By default, the author of a software program owns the copyright
- No one can copy or use it without permission, i.e. a license

OSI LICENSE DEFINITION (ABBREVIATED)
- Must allow free redistribution
- Must make source code available
- Must allow derivative works
- etc.

GPL AND RECIPROCAL LICENSES
- GPL is reciprocal ("viral" or copyleft, versus permissive)
- Most popular open source license; nearly 50% market share
- Key elements:
  - Disclosure of source code if distributed
  - Derivative works must use the same license: works that incorporate the software (the linking debate)
  - Auto-termination
  - Can conflict with other licenses, particularly commercial licenses

NO LICENSE MEANS NO PERMISSION
[Chart: projects with a declared license versus no declared license. Non-GitHub: 93% declared, 7% no declared license. GitHub: 23% declared, 77% no declared license. 42% have embedded licenses.]
These embedded licenses contain specific obligations that govern the use of the overall project.
"The lack of a declared license for an open source project can cause an enterprise to steer clear of it, limiting the projects organizations can use. The ability to access embedded license information and obligations up-front during the code selection process opens a sizeable opportunity for enterprises and could have significant impact on their bottom line." - Mark Driver, Vice President and Research Director, Gartner

LICENSE MANAGEMENT SOLUTIONS
- License policy: know what licenses apply to what use cases
- Informed choices: help developers have up-front insight into licenses and policy
- Approvals: streamlined, automated approval process
- Auditing: OSS still sneaks in, so auditing is required throughout the process

JFROG AND BLACK DUCK: AN INTEGRATED SOLUTION
- Easy, efficient use of open source binary artifacts
- Developers: no hassle, more informed component use decisions
- Managers: earlier visibility, more standardization
- Management and control of open source use

BLACK DUCK AND JFROG AUTOMATE OPEN SOURCE MANAGEMENT
- Application development cycle: Plan, Code, Build, Test, Release
- Open source governance lifecycle: Acquire, Approve, Catalog, Audit, Monitor
- Black Duck KnowledgeBase data per component: description, version, vulnerabilities, cryptography, license, maturity

JFROG ARTIFACTORY / BLACK DUCK INTEGRATION
[Diagram: component queries and build info exchanged between Artifactory and Black Duck.]

ARTIFACTORY / BLACK DUCK CODE CENTER INTEGRATION
[Diagram.]

THE RIGHT OPEN SOURCE FOR YOUR PROJECT
With processes and tools you can continuously ensure the right open source ends up in your build.

QUESTIONS?
- Dave Gruber, Black Duck: dgruber@blackducksoftware.com, @davegruber5
- Baruch Sadogursky, JFrog: jbaruch@jfrog.com, @jbaruch