Understanding the software licenses associated with an application is non-negotiable before delivering that application to customers. However, tracking and managing the manifest of licenses attached to your application and its dependencies is a time-consuming, challenging and never-ending process.
Grant is our latest open source tool for helping teams tackle this license management problem. Grant lets users list and examine existing licenses using SBOMs generated from source code repositories or application container images. Users generate a report showing their compliance with a defined policy without having to comb through licenses one by one. Development teams can assert which licenses are present in the application, ship faster, and eliminate non-compliant packages earlier.
In this webinar, Dan Nurmi, Anchore CTO, and Christopher Phillips, Senior Software Engineer, will:
● Provide an overview of the software license landscape today
● Explain why license checks are so cumbersome
● Give a live demo of how Grant improves and simplifies license checks and automates the process of generating license reports
www.anchore.com
Tracking license compliance made easy - intro to Grant (OSS)
1. Tracking License Compliance Made Easy - Intro to Grant (OSS)
Christopher Phillips
Software Engineer
Anchore
Daniel Nurmi
CTO
Anchore
2. Housekeeping
01 All participant lines are muted
02 Questions will be accepted throughout; enter questions via the Q&A panel
03 You will receive a follow-up email with a link to the recording
04 Please respond to poll questions as they appear on your screen
3. Anchore | Software Supply Chain Management
Securing your software supply chain with a frictionless developer experience that optimizes velocity
Your DevOps Process: Source, Develop, Build, Test, Deploy, Run
13. This seems more complicated than it should be…
(Figure: dependency version tags v1.0, v2.0, v2.0.1, v3.0)
14. Challenges when manually building that sheet
● Often lots of repeatable work that’s hard to persist over changes
● Better for machines to recognize the actual license ID
● Depends on the context of the reviewer: whether licenses should be accepted as is, or whether the SPDX statement has wiggle room
15. Challenges when building bespoke specialized tooling
● Works for only certain images and is hard to maintain when application requirements change
● Scaling into different processes is hard and requires more development time
● Always switching contexts between delivering for the customer and delivering compliance and process
16. How do we move towards a generalized SBOM path?
24. Anchore Enterprise
Software Composition Analysis from Code to Cloud
● Cloud-native Focus: Fast scanning of containerized applications, at scale
● Open Source Centric: High-fidelity SBOMs to identify OSS dependencies and security issues
● End to End Coverage: Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes
● Compliance Automation: Controls for NIST, FedRAMP, DISA and more
26. Next Steps
● Get started with Grant today and contribute: https://github.com/anchore/grant
● Join our community Slack: https://get.anchore.com/join-anchore-community/
● Next community meeting: https://github.com/anchore/syft?tab=readme-ov-file#join-our-community-meetings
● Learn more about Anchore Enterprise: https://anchore.com/platform
27. Thank you for joining!
Schedule a demo of our platform at get.anchore.com/demo-request