Open Source Compliance at Orange, OW2online, June 2020
•
0 j'aime•166 vues
Presentation by Nicolas Toussaint, Software Architect, Orange. Abstract: Orange and Orange Business Services have turned to full open source solutions to tackle the complex problem of respecting the open source legal compliance constraints. This talk presents the journey undertaken the past few years to build and improve the existing tooling and processes to make compliance validation possible, as well as allow overseeing progresses.
Signaler
Partager
Signaler
Partager
Télécharger pour lire hors ligne
Recommandé
Open Social Intro Gdd Taipei
This document introduces OpenSocial, including its concepts, building and hosting OpenSocial applications, Google Friend Connect integration, and OpenSocial containers. OpenSocial provides a set of APIs that operate in standard web technologies and allow social networks to offer many features at minimal cost while enabling app developers to reach hundreds of millions of users.
lfpub_cp_cost_estimate2015 (1)
This document estimates the total development cost of Linux Foundation's collaborative open source projects if they had to be rebuilt from scratch. It analyzes over 115 million lines of source code across various projects. Using the Constructive Cost Model (COCOMO), it estimates it would take over 41,000 person-years of work and cost $5 billion to recreate these projects. The largest projects by lines of code are Tizen and Code Aurora Forum. While a simple analysis, it demonstrates the significant value provided by collaborative open source development.
Eclipse sw360 Web Application for managing software Bill-Of-Material, FASTEN ...
The Eclipse SW360 project provides a server application for the management of used software components in an organization. The catalogue can then be used to create Software Bill-of-Materials (SBOM) for products and projects. SBOM management is essential for a number of important aspects when delivering products: for understanding if vulnerabilities are relevant, for reviewing the licensing situation, for covering trade compliance and last but not least for the generation of compliance documentation.
SW360 itself focusses only on SBOM management and the support of the approval processes, it does not scan for licenses nor for dependencies. For these tasks, integration with other OSS tools, for example, FOSSology for license scanning is provided. To automate the SBOM management, SW360 provides a REST API which allows CI infrastructure to call SW360 directly for checks, downloads or uploads. SW360 is a project hosted by the Eclipse Foundation licensed under the EPL-2.0; thus it is available for everyone as Open Source software.
OpenChain Automation Case Study - September to December 2021
This document outlines an automation case study that will take place from September to December 2021. It will explore graphical tools from Facebook/TNG that make open source tooling easier to use, focusing on ORT and ScanCode. Over the months, it will provide deep dives on using ORT and TERN via the tool. It will also demonstrate how these tools can work together in a supply chain and maintain SPDX integrity. The case study will conclude with a Facebook usage example and recap at Open Compliance Summit 2021.
Convergence of Communities
This document discusses convergence across the cloud native ecosystem and connections between communities. It highlights how connected communities can foster cross-community collaboration through various means like commons sites, briefings, code contributions, and mailing lists. Examples are given of relationships between individuals, projects, and corporations in the Kubernetes and OpenShift ecosystems. Key players like Red Hat, IBM, Uber, and Amadeus are discussed in terms of their involvement in projects like Kubernetes, OpenShift, Jaeger, OpenStack, and more. The importance of inter-corporate relationships and upstream engagement is also touched on.
The internet of things in now , see how golang is a part of this evolution
This document discusses how Golang can help with Internet of Things (IoT) development. It summarizes that IoT development requires skills in many areas, from embedded programming to backend development, which makes it challenging. Golang can help unify development by allowing code to run natively on devices and be used for both device and backend code, simplifying context switching. It also discusses examples of using Golang with IoT, including a code sample accessing a webcam from a Raspberry Pi. Recommended Golang packages for IoT are also listed.
Welcome to the FOSS4G Community
Welcome to the Free and Open Source Software for Geospatial community. Freedom is one of the tools we use to take on the world. This presentation breaks down the principles on which our community built.
This welcome presentation is a quick orientation on open source, open data, open standards and open development.
Please attend this talk if you are new to the FOSS4G community, or would like some background on how all the fun toys you see on display fit together to form a larger picture. A larger picture we like to call the future.
Bridging Between Development and Operations
The document discusses DevOps, including its origins, reasons for adopting DevOps practices, what DevOps is, and how DevOps works. DevOps aims to break down silos between development and operations teams to establish a culture of collaboration and shared responsibility. It emphasizes automating the process of software delivery and infrastructure changes to allow building, testing, and releasing software rapidly and frequently. Key DevOps practices mentioned are adopting Agile methodologies, continuous integration (CI), continuous delivery (CD), and automating processes like building, testing, and deploying applications.
Recommandé
Open Social Intro Gdd Taipei
This document introduces OpenSocial, including its concepts, building and hosting OpenSocial applications, Google Friend Connect integration, and OpenSocial containers. OpenSocial provides a set of APIs that operate in standard web technologies and allow social networks to offer many features at minimal cost while enabling app developers to reach hundreds of millions of users.
lfpub_cp_cost_estimate2015 (1)
This document estimates the total development cost of Linux Foundation's collaborative open source projects if they had to be rebuilt from scratch. It analyzes over 115 million lines of source code across various projects. Using the Constructive Cost Model (COCOMO), it estimates it would take over 41,000 person-years of work and cost $5 billion to recreate these projects. The largest projects by lines of code are Tizen and Code Aurora Forum. While a simple analysis, it demonstrates the significant value provided by collaborative open source development.
Eclipse sw360 Web Application for managing software Bill-Of-Material, FASTEN ...
The Eclipse SW360 project provides a server application for the management of used software components in an organization. The catalogue can then be used to create Software Bill-of-Materials (SBOM) for products and projects. SBOM management is essential for a number of important aspects when delivering products: for understanding if vulnerabilities are relevant, for reviewing the licensing situation, for covering trade compliance and last but not least for the generation of compliance documentation.
SW360 itself focusses only on SBOM management and the support of the approval processes, it does not scan for licenses nor for dependencies. For these tasks, integration with other OSS tools, for example, FOSSology for license scanning is provided. To automate the SBOM management, SW360 provides a REST API which allows CI infrastructure to call SW360 directly for checks, downloads or uploads. SW360 is a project hosted by the Eclipse Foundation licensed under the EPL-2.0; thus it is available for everyone as Open Source software.
OpenChain Automation Case Study - September to December 2021
This document outlines an automation case study that will take place from September to December 2021. It will explore graphical tools from Facebook/TNG that make open source tooling easier to use, focusing on ORT and ScanCode. Over the months, it will provide deep dives on using ORT and TERN via the tool. It will also demonstrate how these tools can work together in a supply chain and maintain SPDX integrity. The case study will conclude with a Facebook usage example and recap at Open Compliance Summit 2021.
Convergence of Communities
This document discusses convergence across the cloud native ecosystem and connections between communities. It highlights how connected communities can foster cross-community collaboration through various means like commons sites, briefings, code contributions, and mailing lists. Examples are given of relationships between individuals, projects, and corporations in the Kubernetes and OpenShift ecosystems. Key players like Red Hat, IBM, Uber, and Amadeus are discussed in terms of their involvement in projects like Kubernetes, OpenShift, Jaeger, OpenStack, and more. The importance of inter-corporate relationships and upstream engagement is also touched on.
The internet of things in now , see how golang is a part of this evolution
This document discusses how Golang can help with Internet of Things (IoT) development. It summarizes that IoT development requires skills in many areas, from embedded programming to backend development, which makes it challenging. Golang can help unify development by allowing code to run natively on devices and be used for both device and backend code, simplifying context switching. It also discusses examples of using Golang with IoT, including a code sample accessing a webcam from a Raspberry Pi. Recommended Golang packages for IoT are also listed.
Welcome to the FOSS4G Community
Welcome to the Free and Open Source Software for Geospatial community. Freedom is one of the tools we use to take on the world. This presentation breaks down the principles on which our community built.
This welcome presentation is a quick orientation on open source, open data, open standards and open development.
Please attend this talk if you are new to the FOSS4G community, or would like some background on how all the fun toys you see on display fit together to form a larger picture. A larger picture we like to call the future.
Bridging Between Development and Operations
The document discusses DevOps, including its origins, reasons for adopting DevOps practices, what DevOps is, and how DevOps works. DevOps aims to break down silos between development and operations teams to establish a culture of collaboration and shared responsibility. It emphasizes automating the process of software delivery and infrastructure changes to allow building, testing, and releasing software rapidly and frequently. Key DevOps practices mentioned are adopting Agile methodologies, continuous integration (CI), continuous delivery (CD), and automating processes like building, testing, and deploying applications.
Whether you should migrate to git
Git has become very popular due to its good performance and wide plugin support for IDEs. It allows full access to the project history even without an internet connection. Many large companies have migrated to Git due to its open source nature and the popularity of GitHub. While distributed version control has advantages, a centralized server approach may be better for some situations. Migrating to a new version control system requires considering pre-migration and post-migration challenges.
Analyse de la composition logicielle à l’aide d’outils open source
Un des principes les plus répandus dans l'ingénierie est celui de "ne pas réinventer la roue" ; il est d'autant plus important et courant dans le domaine de l'informatique. Aujourd'hui, de plus en plus de projets se trouvent avec des
dépendances Open Source, mais avec la facilité d'utiliser une librairie maintenue par toute une communauté vient aussi
la responsabilité de s'assurer que cette librairie ne contient pas de failles de sécurité connues, et qu'elle est
compatible avec le reste du projet en termes de licences. Ainsi, cela nous mène à devoir faire une analyse SCA (Software
Composition Analysis), qui consiste principalement en deux parties : la production d'une SBOM (Software Bill Of
Materials) afin de détailler l'arbre des dépendances et les informations de licences de chaque logiciel utilisé dans le
projet, et aussi la production d'un rapport de vulnérabilités de ces dépendances, afin d'avertir les utilisateurs en ce
qui concerne les CVEs publiés pour un logiciel donné.
Chez AdaCore, nous avons décidé de faire cela avec deux projets Open Source : ScanCode Toolkit et VulnerableCode. Après
avoir examiné les leaders du marché, en recherchant une solution "plug-and-play" qui nécessiterait peu de maintenance,
nous avons trouvé que les équivalents Open Source sont, dans notre cas, plus adaptés et plus flexibles.
Dans cette présentation, je partagerai les résultats de cette analyse, et j'expliquerai comment nous mettons en œuvre
ces solutions en pratique.
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...Black Duck by Synopsys
NIST redesigned the National Vulnerability Database with a much-needed, modernized look-and-feel — including a scrolling list of the latest scored vulnerabilities and a “visualization” section designed to provide different ways to look at the data.
First impression? While some kinks still need to be worked out (the site loads very slowly), it’s going to be much easier to find vulnerability and mitigation information in the NVD than in the past.
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
Presentation from Open Source Leadership Summit 2019. This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Building an Accessible API Spec with Traditional Engineering Teams
Griffin Solot-Kehl, Developer Advocate at Dolby Laboratories
OpenChain: Japan WG # 9 – Update Time!
'OpenChain: Japan WG # 9 – Update Time!' is a talk delivered by Shane Coughlan to open the 9th meeting of the OpenChain Japan Work Group at DensoTen on the 18th of April 2019.
Beyond GeoServer Basics
You've got GeoServer running and you've loaded some data that users can consume. Now what? For many users, GeoServer is only used to serve rendered map images, but in this workshop, attendees will learn about some of the features that GeoServer that are often overlooked. The specific topics that will be covered include: - updating data on the server using WFS-T - Web Processing Service for server-side geospatial analysis - rendering transforms to dynamically transform your data into heatmaps - filtering data based on user input - using SQL Views with GeoServer - working with time-enabled data Each of these skills can be applied to making beautiful and dynamic web applications powered by GeoServer. This workshop will assume that you are familiar with basic GeoServer concepts and interaction, such as how to load and publish a shapefile.
INTERFACE, by apidays - Spatially enabling Web APIs through OGC Standards b...
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
Spatially enabling Web APIs through OGC Standards
Gobe Hobona, Director of Product Management, Standards at Open Geospatial Consortium
Europace's journey to InnerSource
Europace is a network-centric organization within a network of organizations (Hypoport). It uses the self-organization framework Holacracy as its operating system---loosely coupled, autonomous teams are working together for a common purpose. But with autonomy also comes a trend towards self-sufficiency. In the years after starting with self-organization we experienced a lot of “reinventing the wheel” instead of company-wide collaboration. In order to find a way out of this dilemma we looked at the open source world, especially on how collaboration works in such a distributed world. What we found was The Apache Way.
Next, a group of people interested and experienced in Open Source founded a community of practise at Europace. Together, we run experiments for applying the patterns of The Apache Way at our teams. As a result of those experiments these patterns can nowadays be found everywhere at Europace, especially when it comes to collaboration between teams. But we did not stop there, we kept on running experiments in order to improve the InnerSource experience at Europace. In this talk you will learn which experiments we run, how we did it and what we discovered on our journey so far.
Nuxeo Live Connect & Connector to Salesforce
Nuxeo Live Connect provides native integration with Google Drive and Dropbox, allowing users to access and collaborate on files stored in the cloud directly from Nuxeo. It features file downloads, PDF conversion, access to editors and apps, automatic updates, unified search, and versioning. Authentication is handled through OAuth2 without storing user passwords. It is available on the Nuxeo Marketplace.
Nuxeo also announced a new connector for Salesforce that provides bidirectional integration using REST APIs. It exposes Nuxeo data and documents in Salesforce and allows creating and retrieving information from Nuxeo via the Salesforce application.
Modern Post-Exploitation Strategies - 44CON 2012
Rich Smith's Modern Post-Exploitation Strategies presentation slides from 44CON 2012 in London, September 2012.
Contributing to Apache Projects and Making Profits
This document discusses how companies can work with Apache projects to build organic open source solutions and make profits. It provides examples of how the speaker worked with Apache Shindig and OpenSocial at Yahoo and Jive Software to build social applications platforms. The speaker describes different models for company involvement with Apache projects, from simply using project code to contributing engineers. The document advocates choosing Apache projects that are a good fit and contributing back code and features to benefit the community and reduce long term maintenance costs.
E bpf and profilers
This document provides an overview and agenda for a presentation about Calico, applications profiling, and BPF observability. The presentation covers Calico networking and security, what applications are, how BPF and eBPF can provide monitoring and observability capabilities like iostat and top traditionally have, and a demo of these techniques. It encourages connecting on social media and lists additional resources for troubleshooting and learning more about Calico, eBPF, and related tools.
Git tech
Version control systems like Git are essential tools in software development that allow tracking of code changes and collaboration between programmers. Git repositories provided by GitHub and GitLab are two of the most popular options. While GitHub is mainly used for code sharing and includes social features, GitLab provides additional DevOps capabilities like integrated continuous integration and deployment. Both tools have similar features for code review, issue tracking, and documentation, but GitLab offers more robust project management and security features for enterprises. Version control systems streamline development and allow easy reverting of mistakes or changes, improving productivity and reducing errors in software projects.
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...South Tyrol Free Software Conference
This document discusses openSUSE Leap 15.3 and how the openSUSE community and SUSE cooperate. It describes Leap as bridging community and enterprise by being based on the latest SUSE Linux Enterprise. It outlines Leap's long-term maintenance process and how SUSE's "Closing the Leap Gap" and "Jump" efforts bring Leap closer to Enterprise. Future versions will simplify application development for both Leap and Enterprise users. The document encourages synergies between open source projects and companies.Presentazione resin.io
This document summarizes Resin.io, a platform that makes it simple to deploy, update, and maintain code running on remote devices. Resin.io allows developers to push code to their project in the Resin.io cloud, where it compiles for the device architecture. It then deploys the code to connected devices through containerization using Docker. Resin.io provides device management, monitoring and APIs to control deployment of code updates to devices from a remote location.
Security: The Value of SBOMs
Watch this talk on YouTube: https://youtu.be/-3K74I7t7CQ
Securing the Software Supply Chain has become a focus of cybersecurity efforts the world over. One aspect of this is with the generation and verification of a Software Bill of Materials (SBOM). But what is an SBOM and how would you go about setting this up for your cloud native container/applications/pipeline?
The Flux team recently published a blog on this very topic and how they’ve gone about implementing these measures. During this session, Dan Luhring, OSS Engineering Manager at Anchore, will dive into SBOMs - what they are, why you need them, some common use cases and how to get your pipeline ready for SBOM generation and verification using the Flux SBOM as an example.
Resources
Anchore: A comprehensive, continuous security and compliance platform to protect your cloud-native applications.
Anchore’s OSS tools featured during this session:
- Syft: A CLI tool for generating a Software Bill of Materials (SBOM) from container images and file systems
- Grype: An easy-to-integrate open source vulnerability scanning tool for container images and file systems.
Speaker Bios:
Dan Luhring heads up OSS at Anchore, where he leads the software engineering team that develops Syft and Grype. Dan is drawn deeply into the cloud native security space, where he focuses on container workflows and developer experience. Dan believes in making software more secure by making life better for software engineers and security practitioners. Dan is a maintainer of Sigstore’s Cosign project, and he loves partnering with other people to find solutions to daunting challenges.
Priyanka (aka “Pinky”) is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at State Farm where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.
Foundation Comparison
OSGeo and LocationTech are both organizations that support open source geospatial software. OSGeo is a non-profit foundation that aims to support collaborative development and promote widespread use of open source geospatial software. LocationTech is an Eclipse working group that develops advanced location technologies. Both organizations provide resources for projects like code sprints, marketing assistance, and incubation processes to help projects with open development. The incubation processes differ in some ways, with LocationTech providing more automated processes through the Eclipse infrastructure and more frequent IP reviews, while OSGeo incubation can take 1-6 years but provides more flexibility. Both organizations complement each other in supporting the geospatial open source community.
.NET Fest 2018. Оля Гавриш. Что нового в .NET Core 3.0
Все большую и большую полулярность в мире .NET приобретает .Net Core - кросс-платформенная опен-сорс альтернатива .NET Framework, которая содержит основные библиотеки .NET Framework и при этом обладает существенными преимуществами, такими как улучшенной производительностью, возможностью деплоймента .Net Core вместе с приложением и многими другими. В конце 2018 года выйдет новая превью версия .NET Core 3.0, где, наряду с прочими усовершенствованиями, будет добавлена возможность создавать Windows десктоп приложения с помощью WinForms и WPF. В этом доколаде Вы услышите о новинках .NET Core 3, узнаете как выбрать между .NET Framework and .NET Core для ваших приложений, и как портировать существующие приложения на .NET Core.
Open Source and Standards Communities Coming Together to Solve Real World Pro...
The document discusses how IEEE and open source communities are working together to solve real-world problems. It provides an overview of IEEE's global reach and technical breadth in standards development. It then describes IEEE-SA Open, a platform for open source software, hardware, and data projects, and how it can bridge standards development and open source communities. Examples are given of how open source projects are being used in conjunction with IEEE standards development.
CNCF Introduction - Feb 2018
CNCF general introduction to beginners at openstack meetup Pune & Bangalore February 2018. Covers broadly the activities and structure of the Cloud Native Computing Foundation.
A $5 Billion Value (Linux Foundation, 2015)
A $5 Billion Value: Estimating the Total Development Cost of Linux Foundation’s Collaborative Projects
By Jeff Licquia and Amanda McPherson - A Linux Foundation publication
Contenu connexe
Tendances
Whether you should migrate to git
Git has become very popular due to its good performance and wide plugin support for IDEs. It allows full access to the project history even without an internet connection. Many large companies have migrated to Git due to its open source nature and the popularity of GitHub. While distributed version control has advantages, a centralized server approach may be better for some situations. Migrating to a new version control system requires considering pre-migration and post-migration challenges.
Analyse de la composition logicielle à l’aide d’outils open source
Un des principes les plus répandus dans l'ingénierie est celui de "ne pas réinventer la roue" ; il est d'autant plus important et courant dans le domaine de l'informatique. Aujourd'hui, de plus en plus de projets se trouvent avec des
dépendances Open Source, mais avec la facilité d'utiliser une librairie maintenue par toute une communauté vient aussi
la responsabilité de s'assurer que cette librairie ne contient pas de failles de sécurité connues, et qu'elle est
compatible avec le reste du projet en termes de licences. Ainsi, cela nous mène à devoir faire une analyse SCA (Software
Composition Analysis), qui consiste principalement en deux parties : la production d'une SBOM (Software Bill Of
Materials) afin de détailler l'arbre des dépendances et les informations de licences de chaque logiciel utilisé dans le
projet, et aussi la production d'un rapport de vulnérabilités de ces dépendances, afin d'avertir les utilisateurs en ce
qui concerne les CVEs publiés pour un logiciel donné.
Chez AdaCore, nous avons décidé de faire cela avec deux projets Open Source : ScanCode Toolkit et VulnerableCode. Après
avoir examiné les leaders du marché, en recherchant une solution "plug-and-play" qui nécessiterait peu de maintenance,
nous avons trouvé que les équivalents Open Source sont, dans notre cas, plus adaptés et plus flexibles.
Dans cette présentation, je partagerai les résultats de cette analyse, et j'expliquerai comment nous mettons en œuvre
ces solutions en pratique.
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...Black Duck by Synopsys
NIST redesigned the National Vulnerability Database with a much-needed, modernized look-and-feel — including a scrolling list of the latest scored vulnerabilities and a “visualization” section designed to provide different ways to look at the data.
First impression? While some kinks still need to be worked out (the site loads very slowly), it’s going to be much easier to find vulnerability and mitigation information in the NVD than in the past.
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
Presentation from Open Source Leadership Summit 2019. This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Building an Accessible API Spec with Traditional Engineering Teams
Griffin Solot-Kehl, Developer Advocate at Dolby Laboratories
OpenChain: Japan WG # 9 – Update Time!
'OpenChain: Japan WG # 9 – Update Time!' is a talk delivered by Shane Coughlan to open the 9th meeting of the OpenChain Japan Work Group at DensoTen on the 18th of April 2019.
Beyond GeoServer Basics
You've got GeoServer running and you've loaded some data that users can consume. Now what? For many users, GeoServer is only used to serve rendered map images, but in this workshop, attendees will learn about some of the features that GeoServer that are often overlooked. The specific topics that will be covered include: - updating data on the server using WFS-T - Web Processing Service for server-side geospatial analysis - rendering transforms to dynamically transform your data into heatmaps - filtering data based on user input - using SQL Views with GeoServer - working with time-enabled data Each of these skills can be applied to making beautiful and dynamic web applications powered by GeoServer. This workshop will assume that you are familiar with basic GeoServer concepts and interaction, such as how to load and publish a shapefile.
INTERFACE, by apidays - Spatially enabling Web APIs through OGC Standards b...
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
Spatially enabling Web APIs through OGC Standards
Gobe Hobona, Director of Product Management, Standards at Open Geospatial Consortium
Europace's journey to InnerSource
Europace is a network-centric organization within a network of organizations (Hypoport). It uses the self-organization framework Holacracy as its operating system---loosely coupled, autonomous teams are working together for a common purpose. But with autonomy also comes a trend towards self-sufficiency. In the years after starting with self-organization we experienced a lot of “reinventing the wheel” instead of company-wide collaboration. In order to find a way out of this dilemma we looked at the open source world, especially on how collaboration works in such a distributed world. What we found was The Apache Way.
Next, a group of people interested and experienced in Open Source founded a community of practise at Europace. Together, we run experiments for applying the patterns of The Apache Way at our teams. As a result of those experiments these patterns can nowadays be found everywhere at Europace, especially when it comes to collaboration between teams. But we did not stop there, we kept on running experiments in order to improve the InnerSource experience at Europace. In this talk you will learn which experiments we run, how we did it and what we discovered on our journey so far.
Nuxeo Live Connect & Connector to Salesforce
Nuxeo Live Connect provides native integration with Google Drive and Dropbox, allowing users to access and collaborate on files stored in the cloud directly from Nuxeo. It features file downloads, PDF conversion, access to editors and apps, automatic updates, unified search, and versioning. Authentication is handled through OAuth2 without storing user passwords. It is available on the Nuxeo Marketplace.
Nuxeo also announced a new connector for Salesforce that provides bidirectional integration using REST APIs. It exposes Nuxeo data and documents in Salesforce and allows creating and retrieving information from Nuxeo via the Salesforce application.
Modern Post-Exploitation Strategies - 44CON 2012
Rich Smith's Modern Post-Exploitation Strategies presentation slides from 44CON 2012 in London, September 2012.
Contributing to Apache Projects and Making Profits
This document discusses how companies can work with Apache projects to build organic open source solutions and make profits. It provides examples of how the speaker worked with Apache Shindig and OpenSocial at Yahoo and Jive Software to build social applications platforms. The speaker describes different models for company involvement with Apache projects, from simply using project code to contributing engineers. The document advocates choosing Apache projects that are a good fit and contributing back code and features to benefit the community and reduce long term maintenance costs.
E bpf and profilers
This document provides an overview and agenda for a presentation about Calico, applications profiling, and BPF observability. The presentation covers Calico networking and security, what applications are, how BPF and eBPF can provide monitoring and observability capabilities like iostat and top traditionally have, and a demo of these techniques. It encourages connecting on social media and lists additional resources for troubleshooting and learning more about Calico, eBPF, and related tools.
Git tech
Version control systems like Git are essential tools in software development that allow tracking of code changes and collaboration between programmers. Git repositories provided by GitHub and GitLab are two of the most popular options. While GitHub is mainly used for code sharing and includes social features, GitLab provides additional DevOps capabilities like integrated continuous integration and deployment. Both tools have similar features for code review, issue tracking, and documentation, but GitLab offers more robust project management and security features for enterprises. Version control systems streamline development and allow easy reverting of mistakes or changes, improving productivity and reducing errors in software projects.
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...South Tyrol Free Software Conference
This document discusses openSUSE Leap 15.3 and how the openSUSE community and SUSE cooperate. It describes Leap as bridging community and enterprise by being based on the latest SUSE Linux Enterprise. It outlines Leap's long-term maintenance process and how SUSE's "Closing the Leap Gap" and "Jump" efforts bring Leap closer to Enterprise. Future versions will simplify application development for both Leap and Enterprise users. The document encourages synergies between open source projects and companies.Presentazione resin.io
This document summarizes Resin.io, a platform that makes it simple to deploy, update, and maintain code running on remote devices. Resin.io allows developers to push code to their project in the Resin.io cloud, where it compiles for the device architecture. It then deploys the code to connected devices through containerization using Docker. Resin.io provides device management, monitoring and APIs to control deployment of code updates to devices from a remote location.
Security: The Value of SBOMs
Watch this talk on YouTube: https://youtu.be/-3K74I7t7CQ
Securing the Software Supply Chain has become a focus of cybersecurity efforts the world over. One aspect of this is with the generation and verification of a Software Bill of Materials (SBOM). But what is an SBOM and how would you go about setting this up for your cloud native container/applications/pipeline?
The Flux team recently published a blog on this very topic and how they’ve gone about implementing these measures. During this session, Dan Luhring, OSS Engineering Manager at Anchore, will dive into SBOMs - what they are, why you need them, some common use cases and how to get your pipeline ready for SBOM generation and verification using the Flux SBOM as an example.
Resources
Anchore: A comprehensive, continuous security and compliance platform to protect your cloud-native applications.
Anchore’s OSS tools featured during this session:
- Syft: A CLI tool for generating a Software Bill of Materials (SBOM) from container images and file systems
- Grype: An easy-to-integrate open source vulnerability scanning tool for container images and file systems.
Speaker Bios:
Dan Luhring heads up OSS at Anchore, where he leads the software engineering team that develops Syft and Grype. Dan is drawn deeply into the cloud native security space, where he focuses on container workflows and developer experience. Dan believes in making software more secure by making life better for software engineers and security practitioners. Dan is a maintainer of Sigstore’s Cosign project, and he loves partnering with other people to find solutions to daunting challenges.
Priyanka (aka “Pinky”) is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at State Farm where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.
Foundation Comparison
OSGeo and LocationTech are both organizations that support open source geospatial software. OSGeo is a non-profit foundation that aims to support collaborative development and promote widespread use of open source geospatial software. LocationTech is an Eclipse working group that develops advanced location technologies. Both organizations provide resources for projects like code sprints, marketing assistance, and incubation processes to help projects with open development. The incubation processes differ in some ways, with LocationTech providing more automated processes through the Eclipse infrastructure and more frequent IP reviews, while OSGeo incubation can take 1-6 years but provides more flexibility. Both organizations complement each other in supporting the geospatial open source community.
.NET Fest 2018. Оля Гавриш. Что нового в .NET Core 3.0
Все большую и большую полулярность в мире .NET приобретает .Net Core - кросс-платформенная опен-сорс альтернатива .NET Framework, которая содержит основные библиотеки .NET Framework и при этом обладает существенными преимуществами, такими как улучшенной производительностью, возможностью деплоймента .Net Core вместе с приложением и многими другими. В конце 2018 года выйдет новая превью версия .NET Core 3.0, где, наряду с прочими усовершенствованиями, будет добавлена возможность создавать Windows десктоп приложения с помощью WinForms и WPF. В этом доколаде Вы услышите о новинках .NET Core 3, узнаете как выбрать между .NET Framework and .NET Core для ваших приложений, и как портировать существующие приложения на .NET Core.
Open Source and Standards Communities Coming Together to Solve Real World Pro...
The document discusses how IEEE and open source communities are working together to solve real-world problems. It provides an overview of IEEE's global reach and technical breadth in standards development. It then describes IEEE-SA Open, a platform for open source software, hardware, and data projects, and how it can bridge standards development and open source communities. Examples are given of how open source projects are being used in conjunction with IEEE standards development.
Tendances (20)
Analyse de la composition logicielle à l’aide d’outils open source
Analyse de la composition logicielle à l’aide d’outils open source
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Open Source Insight: NVD's New Look, Struts Vuln Ransomware & Google Open So...
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
INTERFACE, by apidays - Spatially enabling Web APIs through OGC Standards b...
INTERFACE, by apidays - Spatially enabling Web APIs through OGC Standards b...
Contributing to Apache Projects and Making Profits
Contributing to Apache Projects and Making Profits
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...
SFScon 21 - Marina Latini - openSUSE Leap 15.3 and how community and enterpri...
.NET Fest 2018. Оля Гавриш. Что нового в .NET Core 3.0
.NET Fest 2018. Оля Гавриш. Что нового в .NET Core 3.0
Open Source and Standards Communities Coming Together to Solve Real World Pro...
Open Source and Standards Communities Coming Together to Solve Real World Pro...
Similaire à Open Source Compliance at Orange, OW2online, June 2020
CNCF Introduction - Feb 2018
CNCF general introduction to beginners at openstack meetup Pune & Bangalore February 2018. Covers broadly the activities and structure of the Cloud Native Computing Foundation.
A $5 Billion Value (Linux Foundation, 2015)
A $5 Billion Value: Estimating the Total Development Cost of Linux Foundation’s Collaborative Projects
By Jeff Licquia and Amanda McPherson - A Linux Foundation publication
Open Source & What It Means For Self-Sovereign Identity (SSI)
Open source and open standards have been two pillars of self-sovereign identity since the beginning. Only by breaking down barriers to both development and production can we ensure that SSI works for everyone, everywhere.
Openness is also at the core of how Evernym operates, and our motivation for launching Sovrin, subsequently donating Hyperledger Indy to the world, and more recently, open-sourcing our own products.
In this webinar, we covered:
- The importance of open source software, and why it's needed for self-sovereign identity
- The open source tools available today, from Hyperledger Indy and Aries to Evernym's Verity
- What Evernym's open-sourcing of Verity means for developers
- Getting started with either open source or our free Sandbox plan
Syncitall
Syncitall is a program that allows users to sync files across multiple cloud storage services like Google Drive, OneDrive, and Dropbox. It provides a common interface to access files from different cloud storages simultaneously. The program uses APIs to connect to cloud services and Selenium to automate browser authorization. It splits large files into parts for uploading across storages. The graphical user interface is built using PyQt and allows viewing, moving, deleting, and downloading files from connected cloud accounts in one place.
Choisir le bon business model et la bonne licence pour la survie de son proje...
Choisir le bon business model et la bonne licence pour la survie de son proje...Open Source Experience
Lorsque l’on démarre une activité et décide de la mener en open source, il est essentiel de savoir pourquoi on le fait et quels sont les avantages que l’on attend d’une telle démarche. Cette session va vous aider à définir et à gérer les aspects licence de votre projet ainsi qu’à déterminer un business model qui fonctionne avec l’approche open source.RTP Bluemix Meetup April 20th 2016
This document summarizes an IBM Bluemix meetup that took place on May 4, 2016 in Triangle, North Carolina. The meetup included presentations on Swift, OpenWhisk, Blockchain/Hyperledger, and a Q&A session. Attendees could learn about new technologies on IBM Bluemix like the Swift sandbox, OpenWhisk serverless platform, and IBM's involvement in the Hyperledger blockchain project. The next Bluemix meetup was scheduled for May 18, 2016.
How to Contribute to Cloud Native Computing Foundation
By,
Krishna Kumar
This very brief talk gives you an overview of how you can contribute to CNCF (Cloud Native Computing Foundation) not just through the code.
How to contribute to cloud native computing foundation (CNCF)
Contribute to cloud native computing foundation - various ways. This is an introductory presentation given in Container conference in Bangalore April 2017 and may help new comers to get in to the CNCF eco system faster.
Smart Device Link Integration into Linux systems by Jeremiah Foster
This document discusses integrating Smart Device Link (SDL), which allows connecting smartphones to in-vehicle infotainment systems running Linux, into Linux systems. SDL provides a standardized way to connect iOS and Android devices and control apps using steering wheel buttons or text-to-speech. The SDL consortium manages SDL as an open source project using permissive licenses. Integrating SDL into automotive Linux distributions like GENIVI and AGL could improve adoption by providing a common recipe and increasing collaboration opportunities across projects.
Choreo: Empowering the Future of Enterprise Software Engineering
Key topics covered:
- Real-world examples of Choreo's comprehensive coverage from application design and deployment, security, scaling, and monitoring
- Running different types of workloads, such as web applications, APIs, microservices, integrations, and tasks at scale, and wire them together to deliver seamless omnichannel digital experiences
- How Choreo improves the developer experience by eliminating repetition, silos, and redundancy through enhanced discoverability and self-serviceability
[Webinar] Automating Developer Workspace Construction for the Nuxeo Platform ...
See how Codenvy's Factories allow Nuxeo Platform developers to manage their entire development cycle in the cloud without installing anything.
This How-To webinar will walk you through the steps used to build the Codenvy factory for the Nuxeo Platform. Attendees will learn:
- How a project is edited and run in the Codenvy Cloud
- How to use a running project as the base for a one-click factory
- What Docker is, and how Dockerfiles simplify setup of the developer environment
- How to automate developer workspace construction
- How to publish a single URL that gives instant access to project contributors
Introduction to Bluemix and Watson
An overview of Bluemix, the platform's console, and steps on deploying and updating a simple application. Final slides go over several Bluemix-Watson use cases.
How open source is driving DevOps innovation: CloudOpen NA 2015
It’s no coincidence that all the interest around DevOps today comes at a time when open source technologies and processes are so dominant in cloud computing, data storage and analysis, and--increasingly--in networking. Innovations in Linux and other projects, including containers, configuration management, and continuous integration, are what make DevOps workflows and portable application deployments possible. But it’s also the result of open source culture, practices, and the tools supporting those practices that have made iterative development and collaboration such a powerful model for creating great software in communities. And now, they’re also providing a template for how to develop and operate applications internally within enterprises. In this session, we will discuss how open source tools and practices can be applied to create effective DevOps workflows and practices.
Complex Made Simple @ Bird&Birds OpenChain Seminar
This document discusses the OpenChain Project which aims to create a simple, effective industry standard for open source license compliance for organizations of all sizes. It establishes trust in multi-entity compliance through shared rules and results. The project defines best practices for compliance processes like policy, training, and tooling. It also outlines the project's status including meetings held in various regions to promote OpenChain and working groups on automotive and reference tooling. The goal is to raise awareness and simplify open source compliance.
Open by Design
IBM has a long history of contributing to open source culture through open governance models and key projects. IBM is a founding member and major contributor to projects like Hyperledger, Kubernetes, Node.js Foundation, Cloud Foundry Foundation, and more. These projects establish standards through an open and collaborative community approach. IBM also develops open source projects internally, such as Fabric for Deep Learning, to make deep learning more accessible and scalable.
Starting an Open Source Program Office (OSPO)
OpenFinTech Forum 2018 discussing starting an open source program office with a financial case study from Capital One.
The path to an hybrid open source paradigm
Open Source project failure often stems from not setting clear objectives or having a shared vision from the start. That said there are many success stories, including two well known Statistical examples: Demetra; and Eurostat SDMX tools (SDMX-RI). However, in all these examples there was at first a founding organisation/entity that created the right environment for its successful path into a new paradigm. In the context of my presentation this being the Statistical Information System Collaboration Community (SIS-CC / http://siscc.oecd.org).
Presented at the International Marketing and Output DataBase Conference, Gozd Martuljek, September 18 - 22, 2016.
OpenWhisk - Serverless Architecture
Serverless architectures are one of the hottest trends in cloud computing this year, and for good reason. There are several technical capabilities and business factors coming together to make this approach compelling from both an application development and deployment cost perspective. The new OpenWhisk project provides an open source platform to enable these cloud-native, event-driven applications.
This talk will lay out the technical and business drivers behind the rise of serverless architectures, provide an introduction to the OpenWhisk open source project (and describe how it differs from other services like AWS Lambda), and give a demonstration showing how to start developing with this new cloud computing model using the OpenWhisk implementation available on IBM Bluemix.
Lightning talk and lab presented by IBM Cloud Software Engineer, Andrew Bodine.
Best dev ops tools to master in 2022
Technologies are improving day by day that aims at catering to the needs of individuals and businesses. However, software companies require some tools when they want to improve productivity.
https://www.tycoonstory.com/resource/best-devops-tools-to-master-in-2022/
Scaling Git for Enterprise DevOps
This document discusses several Git strategies for scaling source code management in large enterprises, including using mono vs multi repositories, Git hooks, Git versioning, and public projects. It provides advantages of different repository structures, examples of Git hooks, an overview of Git Version for semantic versioning, and differences between public and private projects in Azure DevOps.
Similaire à Open Source Compliance at Orange, OW2online, June 2020 (20)
Open Source & What It Means For Self-Sovereign Identity (SSI)
Open Source & What It Means For Self-Sovereign Identity (SSI)
Choisir le bon business model et la bonne licence pour la survie de son proje...
Choisir le bon business model et la bonne licence pour la survie de son proje...
How to Contribute to Cloud Native Computing Foundation
How to Contribute to Cloud Native Computing Foundation
How to contribute to cloud native computing foundation (CNCF)
How to contribute to cloud native computing foundation (CNCF)
Smart Device Link Integration into Linux systems by Jeremiah Foster
Smart Device Link Integration into Linux systems by Jeremiah Foster
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
[Webinar] Automating Developer Workspace Construction for the Nuxeo Platform ...
[Webinar] Automating Developer Workspace Construction for the Nuxeo Platform ...
How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015
Complex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain Seminar
Plus de OW2
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
This presentation is given by Stefano Pampaloni at the RIOS Open Source Week, Nov. 2022 in Roma.
Abstract: Established in 2007 as a non-profit organisation, OW2 is an independent community dedicated to promoting open source software for information systems and fostering their business ecosystems. OW2 federates 50+ organizations and 2500+ IT professionals worldwide. OW2 hosts 50+ technology Projects. RIOS is an Italian network of companies established in 2015 aiming to improve open source adoption and to build sustainable businesses around it
OW2 and RIOS are working together to foster collaboration between European open-source stakeholders.
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Good Governance Initiative (GGI) proposes a methodological framework to assess open-source awareness, compliance and governance in any kind of organizations, helping them to structure and improve the use of FOSS towards an OSPO. The GGI was initiated by OW2 and is developed by the OSPO Alliance. This presentation will give an overview of the initiative, its organization, roadmap, first achievements and next steps.
GLPi v.10, les fonctionnalités principales et l'offre cloud
Presentation de la solution open source GLPi lors de la session "Open cloud by OW2" dans la conférence Cloud Datacenter + infra des 29 et 30 juin 2022 à Paris.
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Presentation de la solution open source Centreon lors de la session "Open Cloud by OW2" à la conférence Cloud Datacenter+Infra des 29 et 30 juin à Paris.
FusionIAM : la gestion des identités et des accés open source
La solution FusionIAM est présentée dans la session "Open Cloud by OW2", organisée lors de la conférence Cloud Datacenter + Infra les 29 et 30 juin 2022 à Paris.
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
Connaissez-vous OW2 ? Aventure commencée en 1999 à Grenoble sur la base d'un consortium industriel dédié au middleware open source, devenu association sans but lucratif d'échelle européenne en 2006 sous le nom d'OW2, nous agissons pour la diffusion du libre dans le monde professionnel depuis plus de 20 ans.
OW2 compte des adhérents de toute taille : 2.600 individuels en adhésion gratuite, et 30 institutionnels, de la TPE unipersonnelle à Orange, Microsoft ou Huawei, de l'Inria ou le Fraunhofer Fokus à la Gendarmerie Nationale ou la ville de Paris.
Nos projets sont plus célèbres que nous : ASM, Centreon, Lutece, PrestaShop, Sympa ou Rocket.Chat vous diront peut-être quelque chose ?
Philosophiquement, OW2 se trouve quelque part entre Eclipse et Apache : culture technique, infrastructure d'hébergement et d'assistance pour les projets, sur la ligne de crête entre l'esprit du libre et les contraintes du business, nous sommes un acteur de l'économie sociale, persuadé que l'open source est central dans une transformation sociétale nécessaire qui ne pourra se faire sans l'adhésion du monde industriel et académique.
A un tournant de notre histoire, nous investissons le créneau de la qualité industrielle des projets avec notre méthodologie "Market readiness Levels", et la gouvernance de l'open-source comme membre fondateur de l'OSPO Alliance (ospo.zone) et éditeur du guide méthodologique "OSS Good Governance handbook".
Ne nous y trompons pas : OW2 est un acteur éminemment politique, porteur d'une vision fondée sur la transformation du monde professionnel et de ses valeurs par le code et la coopération. Et cette présentation, avec un survol de notre histoire, adhérents, initiatives et projets, est également l'occasion d'en débattre.
SFScon'20 Bringing the User into the Equation
The document discusses three initiatives by OW2 to engage mainstream open source software users. It describes a beta-testing campaign platform to get user feedback, a market readiness levels assessment to help users evaluate projects, and an open source governance initiative to help users adopt best practices. The overall goal is to bring users into the open source ecosystem to help projects become more sustainable.
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
A few years ago, Heartbleed epitomized a massive open source sustainability problem for critical parts of the internet infrastructure. The bug, which affected the popular OpenSSL cryptographic software library, notably compromised the confidentiality of 4.5 million US patient records and cost the industry an estimated $500M. It was soon revealed that the root cause of the issue was that OpenSSL was precariously understaffed. Open source sustainability became a major theme overnight. Stories of maintainer burn-out made the headlines. And tentative solutions started to emerge, most of them donation-based. In this talk we’ll explore a number of existing strategies to fund open source and make it more sustainable, from patronage to dedicated ad networks. And we’ll defend the idea that the best path to open source sustainability is to help companies understand the tangible business value they can get from contributing to open source.
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Presentation of the advanced optimization concepts for cloud computing application using open source Melodic/Morphemic platform. It will cover application architecture polymorphing and proactive adaptation based on forecasted applications needs.
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Presentation by Gael Blondelle, Managing Director at Eclipse Foundation.
Abstract:
In this talk, we will cover two complementary topics: The different Eclipse projects related to Open Source governance, like Eclipse SW360, SW360 Antenna, and Eclipse Steady, as well as the opportunity to leverage SW360 as the core of a larger Open Source governance initiative.
The Eclipse IP Process that has been applied to hundreds of Eclipse projects for more than 15 years and is going through a modernization process that involves both simplification from the developer point of view, and openness to new source of trusted data like Clearly Defined.
Open source contribution policies, OW2online, June 2020
Open source contribution policies are long, boring, overlooked documents, that generally suck. They're designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk.
But that's not inevitable.
It's possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it's possible to do so while reducing the company's IP risk, not increasing it.
In this talk, we'll look at the general structure of contribution policies, examples in the wild, and tactics to make them suck less.
We'll also look at how to turn these policies into self-service software, preventing the tedious email back and forth between engineering and legal in most cases and making open source contribution a breeze. Presentation by Tobbie Langel, UnLockOpen.
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
The document discusses using open source development techniques within companies through an approach called InnerSource. It suggests that InnerSource can help companies be more resilient, as open source projects have been during the COVID-19 pandemic, by breaking down silos and fostering distributed development communities within organizations. To effectively manage InnerSource, companies should use a data-driven approach and define metrics for people, processes, and community engagement to track success over time in a continuous improvement model.
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Presentation by Olivier Fendt, Senior Manager Open Source Software at Siemens.
Abstract: The well-known OpenChain project launched in Sept 2019 a Tooling Group. The objective of this group is to realize a turn-key Open Source toolchain for Open Source Compliance, which is / can be easily integrated in the software development CI/CD pipelines. The Tooling Group uses open source principles to accomplish this, creating a meritocracy producing real world solutions for real world challenges, and sharing these results with all interested parties. The presentation gives an overview of the Tooling group its objectives, the areas of focus, the current state and future plans.
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Presentation by Boris Baldassari, Consultant, Castalia Solutions.
Abstract: While Open Source Software has become mainstream, the understanding of its key principles, from ethics and collaboration to governance and community management, is gaining more interest and attention. There is a comprehensive volume of studies and reports backing up our individual and collective experience, yet we still cannot reliably measure these characteristics, and even less clearly define or assess them.
In an attempt to build up confidence and foster maturity in this area, this talk will look at the various existing models and metrics related to OSS compliance and governance, and build upon them to propose methods and tools for their evaluation and analysis. We will discuss the requirements and essential questions to ask, offer guidelines for implementation and suggest efficient ways to present results.
Intelligent package management with FASTEN, OW2online, June 2020
Presentation by Amir Mir, TUDelft.
As recent events, such as the leftpad incident and the Equifax data breach, have demonstrated, dependencies on networks of external libraries can introduce projects to significant operational and compliance risks as well as difficult to assess security implications. FASTEN introduces fine-grained, method-level, tracking of dependencies on top of existing dependency management networks. In our talk, we will present how FASTEN works on top of the Rust/Cargo and Java/Maven ecosystems.
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
The DECODER project simplifies software library and component reuse, while ensuring that they will behave as expected by the developer. The DECODER central database (PKM) stores code-related artifacts and establish bindings between them, notably by generating formal specification from informal requirements or semi-formal models from source code. Presentation by Virgile Prevosto, CEA List.
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Presentation by Hui Song, Senior Scientist, SINTEF. We would like to share our research journey towards enabling DevOps for IoT applications, and how Open Source makes the journey feasible and fun.
DevOps is widely adopted for developing cloud applications, which supports developers in continuously placing software changes directly to production. As companies are including IoT and Edge devices into their IT infrastructures, supporting DevOps for IoT is a must. However, IoT challenges some fundamental assumptions behind DevOps, such as the homogeneous infrastructure and centralized governance, and therefore, breaking-through research is needed. Funded by H2020, 30 people from 12 partners crossing academia and industry gathered to solve these fundamental challenges, which results in full-stack open source tools for automatic deployment, learning-based operation and security monitoring of IoT applications, and risk management of the development process. The tools are evaluated on industrial use cases in intelligent transportation, smart building, and eHealth.
The mass open source tools and communities around IoT development provides the sound foundation for this design research and the opportunities for the further exploitation of the results. In particular, we are proud of spinning off a start-up to commercialize the risk management services in the open source + SaaS model.
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Artificial Intelligence is now smarter than ever, showing human-like abilities at complex tasks such as images classification or natural language processing.
But despite its recent advances, it's still not a silver bullet. This talk will present a few challenges in the research and development of artificial intelligence that slow down its progress and adoption. In particular, problems around fairness, the training of models and how to share them will be introduced as well as possible Free Software solutions. Presentation by Vincent Lequertier, PhD Student, Lyon UNiverversity.
Cacti and Big Data at Orange France, OW2online, June 2020
We propose a walkthrough of current utilization of Open Source Software in capacity planning for the Orange network infrastructure.
The objective of our project is to have a platform that helps engineers to carefully plan the resources available to them as well as to correlate different incidents within remote parts of the infrastructure.
In order to achieve this we started using Cacti with the Spine collector which worked great, but Orange France is a very large company with many entities, each with its own governance, and so we began to see some limitations.
There was a need to centralize some information from different parts in Orange France as well as to integrate the equipment capacity and load values into BigData Orange.
In order to achieve this we developed the “Puits de donneés” platform completely based on Open Source Software.
The visualization and statistical analysis part is handled by Grafana while the ETL runs on Apache Software Foundation products like NiFi, Zookeeper and Ambari with a storage solution from MariaDB for which we did extensive performance tuning and customization due to the large amounts of data.
Open Source Geographic Information System at Orange, OW2online, June 2020
We will present the platform, its component, and will discuss the challenges we met with its deployment.
Our platform is for engineer deploying Fiber to Home/Office , providing GIS capabilities among several layers on a Map. Developed by an Orange team of 30 people, half based in Lannion (Britany) and half in Tunis(Tunisia). components : Angular/OpenLayer, Springboot/PostgreSql(with Gis extensions)/GeoServer/QGIS, mapfishprint for PDF. Available on thin client or via APi.
The team was able to develop the platform according to business requirements, thanks to the technical support of our open source partner : Oslandia.
Moreover, Orange played the open source game by giving back to the community the evolutions on the components.
Plus de OW2 (20)
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
GLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloud
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
FusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open source
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open source contribution policies, OW2online, June 2020
Open source contribution policies, OW2online, June 2020
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020
Dernier
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Project Management Semester Long Project - Acuity
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Dernier (20)
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Open Source Compliance at Orange, OW2online, June 2020
- 1. 2020 OW2 CONF OPEN SOURCE COMPLIANCE TOOLS & PROCESSES: HOW WE DO IT AT ORANGE Date: June 17h 2020 Author: Nicolas Toussaint
- 2. WHY SHARING Isn't it that we get better together ?
- 3. HOW WE DO IT: I. PROCESSES II. TOOLING III. CONCLUSION
- 5. I. COMPLIANCE PROCESSES ACCROSS THE GROUP, VERY DIFFERENT ACTIVITIES: Internal projects, and B2C services => open source publications Software development, B2B services => software distributions Cloud hosting services => Run [modified] open source software as SAAS Integration services => Deploy [modified] open source softwares on customers' premises And always: contributions to existing open sources projects of all sizes
- 7. I. COMPLIANCE PROCESSES 3 SITUATIONS Publications: material is released under an open source licence Large contributions to existing projects Distributions: material is distributed to customers (and customers may distribute to their customers) Patches: small contributions to existing projects
- 8. I. COMPLIANCE PROCESSES THE ORGANISATION Open source usage validation relies on: open source referents accross the group a small team of lawyer and IP specialised in open source an audit team to conduct scans for the projects
- 9. I. COMPLIANCE PROCESSES THE PROCESS 1. The projects make a request 2. Request is assigned to an OSS Referent 3. Project is prepared in terms of "use cases" Front-end, back-end, embedded, mobile, standalone software 4. Source code is scanned and a factual report is produced 5. Report is analysed with, at least, a lawyer, Project members and the referent 6. A validation is given (or not), together with a set of recommendations to apply 7. The referent assists and verifies that the recommendatrions are applied, and also validates the ticket. 8. The project can publish, or distribute !
- 12. II. COMPLIANCE TOOLING WHAT WE NEED For each analysed projects, we want to know: the open source components: integrated + dependencies For each component, we want to know: its name, version, licence, copyright, reference URL has the component been modified ? For complex projects: the architecture, third parties, contracts, etc. For publication: CLA and DCO
- 13. II. COMPLIANCE TOOLING SOURCE CODE ANALYSIS, NO DEPENDENCY Here Fossology is perfect: We manage multiple Docker based central instances Automatic build mixing home-grown feature with community version Automated deployement
- 14. II. COMPLIANCE TOOLING DEPENDENCY ANALYSIS Here, multiple tools are used Including Opensource Review Toolkit but nothing is automated... yet
- 15. II. COMPLIANCE TOOLING INTEGRATION GitLab-CI and Jenkins can trigger Fossology scans KPIS A new dashboarding solution is crafted to measure Fossology usage Soon to be published and shared !
- 17. III. CONCLUSION ALL IN ALL: IT WORKS ! BUT LET'S IMPROVE ...
- 18. III. CONCLUSION We have: a strong process, dedicated referents integrated, and improving tooling dedicated lawyers and IP specialist a team specialised in Fossology scanning
- 19. III. CONCLUSION We need: More control : better dependency and container analysis More tooling integration and automation Better KPIs => Looking forward to use Bitergia's dashboards ! We also need more cooperation: Open Source Compliance Tooling Group => to imagine and build tomorrow's tooling ! OW2 Good Governance Iniative, to share and improve governance practices
- 20. RESOURCES Some of the resources on which our compliance relies (or will rely) Open Source Compliance Tooling Group: Fossology: Opensource Review Toolkit: Bitergia dashboards: https://oss-compliance-tooling.org/ https://www.fossology.org/ https://oss-review-toolkit.org/ https://bitergia.com/bitergia-analytics/