Dirk Riehle's Industry and Research Publications

Upcoming talk on establishing open source license compliance using continuous integration

Philippe Ombredanne, lead maintainer of ScanCode, will give a talk on open source license compliance, injected into my own lecture series on commercial open source software, both organized by CROSS, the Center for Research on Open Source Software at UC Santa Cruz.


Open source has changed deeply how projects and products are created; they are now assembled mostly from many diverse and fast evolving third-party open source packages and components instantly downloadable from millions of repositories on the web. Therefore, we need workflows and supporting tools to keep up with this volume, diversity and speed:

  • To ensure open source origin traceability,
  • to achieve open source license compliance, and
  • also to proactively manage security, quality, sustainability and currency of these many components.

In this talk, we will present practical examples of workflows for open source and how to integrate these in a continuous integration / delivery pipeline with a focus on origin tracing and license compliance. A key component of our examples is the use of free and open source tools themselves (such as ScanCode and others) to ensure we know what open source is included in the deliverable and assemble the necessary legal notices.

ScanCode is an open source project, and the presenter is its leading developer.


Philippe Ombredanne is the chief technology officer at nexB, Inc. Los Altos, California; the maintainer of the ScanCode toolkit project; and a lead maintainer for AboutCode.org free and open source (FOSS) projects with a mission to enable easier and safer reuse of FOSS code with best in class open source Software Composition Analysis tools for open source origin discovery, license & security compliance. Philippe contributes to several other open source projects including to the Linux kernel SPDX-ification; the SPDX and ACT projects at the Linux Foundation, the ClearlyDefined projects, strace, several Python tools, and previously to JBoss, Eclipse and Mozilla. Philippe has also been a long time Google Summer of Code mentor and org admin.

Date, Time, and Registration

  • Date: Tuesday, July 13th, 2019
  • Time: 8am PST, 5pm CET
  • Link: Registration (through our partner, UCSC)

Newsletter subscription


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Share the joy

Share on LinkedIn

Share by email

Share on X (Twitter)

Share on WhatsApp

Featured startups

QDAcity makes collaborative qualitative data analysis fun and easy.
EDITIVE makes document collaboration more effective.

Featured projects

Making free and open data easy, safe, and reliable to use
Bringing business intelligence to engineering management
Making open source in products easy, safe, and fun to use