December 5-6, 2022
Yokohama, Japan + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Japan 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Japan Standard Time (UTC +9). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: The timing of sessions and room locations are subject to change.

Tuesday, December 6 • 11:10 - 11:50
SW360 SBOM: Managing Vulnerability Information, SPDX Documents and New Dependency Network Between a Project and Software Components - Kouki Hama & Tien Le, Toshiba Corporation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The SW360 (https://www.eclipse.org/sw360/) started as a software project for managing license compliance information using SPDX information for products and projects. The foundation for this lies in the software bill-of-material (SBOM), which lists all involved third-party components of a product or project. Then, SW360 developed also into supporting other tasks around delivering software using the SBOM: for example, managing vulnerabilities or assessing trade compliance (ECC). With its REST API, SW360 can import and export the SBOM information in an automated way. To support product approval processes, SW360 has extended the support for license compliance information with the import of license obligations, providing input for delivery approval processes. The obligation information can be imported from the OSADL license checklist.

In this presentation, Kouki Hama will give an overview of SW360 and introduce its architecture. Then Tien Le will  demonstrate the new features of SW360: vulnerability registration, SPDX input/output, and OSS dependency management.

avatar for Kouki Hama

Kouki Hama

Software Engineering Researcher, Toshiba Corporation
Kouki Hama is a researcher in software engineering at Toshiba Corporation. He researches open source compliance, process, and these tools. He is also one of the members of the OpenChain project Japan workgroup and one of the co-leader of Eclipse SW360 projects.

Tien Le

Team Leader, Toshiba Corporation
Tien Le is a software developer for Toshiba Corporation. He's been active in the open source community for over five years, including FOSSology, Scancode, Node.js, Linux, and recently focused on SW360. At Toshiba in Vietnam, Tien works in several roles as project leader, requirement... Read More →

Tuesday December 6, 2022 11:10 - 11:50 JST
  Critical Software Summit