SlideShare a Scribd company logo

Tracking license compliance made easy - intro to Grant (OSS)

Anchore
Anchore

Understanding associated software licenses is non-negotiable before delivering application software to customers. However, tracking and managing the manifest of licenses associated with your application and associated dependencies is a time consuming,challenging and a never ending process. Grant is our latest open source tool aiding teams in tackling this complex license management problem. Grant allows users to list and examine existing licenses, using SBOMs generated from source code repositories or application container images. Users generate a report showing their compliance with a set policy without having to manually comb through licenses one by one. Dev teams assert and establish the license presence in the application, ship faster, and eliminate non compliant packages earlier. In this webinar, Dan Nurmi, Anchore CTO, and Christopher Phillips, Senior Software Engineer, will: Provide an overview of the software license landscape today Explain why license checks are so cumbersome and Give a Live demo how Grant improves and simplifies license check, And automates the process of generating license reports. www.anchore.com

Technology
1 of 27
Tracking License Compliance Made Easy - Intro to Grant (OSS) Christopher Phillips Software Engineer Anchore Daniel Nurmi CTO Anchore
Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
Anchore | Software Supply Chain Management Anchore | Software Supply Chain Management Securing your software supply chain with a frictionless developer experience that optimizes velocity Your DevOps Process Run Deploy Test Build Develop Source
Agenda Introductions 01 02 Open Source License Headaches 03 Automating License Lists and their Component Associations 04 Q&A
Consumers Need More Than Your Product
That Thing…
This is a good problem to have Usually only have to do when you’ve gained a customer, however…
Go From This
To This
To This v1.0 v2.0
To This v3.0 v1.0 v2.0
To This v2.0.1 v1.0 v2.0 v3.0
This seems more complicated than it should be… v2.0.1 v1.0 v2.0 v3.0
Challenges when manually building that sheet ● Often lots of repeatable work that’s hard to persist over changes ● Better for machines to recognize the actual license ID ● Context of the reviewer on if licenses should be accepted as is or if SPDX the statement has wiggle room
Challenges when building bespoke specialized tooling ● Works for only certain images and hard when application requirements change ● Scaling into different processes is hard and requires more development time ● Always switching contexts between delivering for the customer and delivering compliance and process
How do we move towards a generalized SBOM path?
Introducing Grant!
Combining Tools for Best Results
Remove Developers From The Interruption Path
Github Actions Workflow -
SBOM -> Licenses -
Single Dispatch
Single Click - Packages and Licenses -
Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
Next Steps Get started with Grant today and contribute https://github.com/anchore/grant Join our community Slack https://get.anchore.com/join-anchore-community/ Next community meeting https://github.com/anchore/syft?tab=readme-ov-file#join- our-community-meetings Learn more about Anchore Enterprise https://anchore.com/platform
Thank you for joining! Schedule a demo of our platform at get.anchore.com/demo-request

Recommended

Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerAnchore
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 
DevOps: Age Of CI/CD
DevOps: Age Of CI/CDDevOps: Age Of CI/CD
DevOps: Age Of CI/CDMoogleLabs default
 
Application Lifecycle Management
Application Lifecycle ManagementApplication Lifecycle Management
Application Lifecycle ManagementAmazon Web Services
 
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesGetting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesAmazon Web Services
 

Recommended

Software Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerSoftware Security in the Real World w/Kelsey Hightower
Software Security in the Real World w/Kelsey HightowerAnchore
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 
DevOps: Age Of CI/CD
DevOps: Age Of CI/CDDevOps: Age Of CI/CD
DevOps: Age Of CI/CDMoogleLabs default
 
Application Lifecycle Management
Application Lifecycle ManagementApplication Lifecycle Management
Application Lifecycle ManagementAmazon Web Services
 
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesGetting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series
Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar SeriesAmazon Web Services
 
Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsMohamed Samy
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationCompuware
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsAnant Corporation
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDaniel Berg
 
DevOps Delivery Pipeline
DevOps Delivery PipelineDevOps Delivery Pipeline
DevOps Delivery PipelineDenis Korchuganov
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guideKaty Slemon
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Emerasoft, solutions to collaborate
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastXebiaLabs
 
Webinar : Microservices and Containerization
Webinar : Microservices and ContainerizationWebinar : Microservices and Containerization
Webinar : Microservices and ContainerizationNewt Global Consulting LLC
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsIBM UrbanCode Products
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingAndrea Tino
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...WSO2
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...Siva Rama Krishna Chunduru
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]New Relic
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020Cyber-Duck
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 

More Related Content

Similar to Tracking license compliance made easy - intro to Grant (OSS)

Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsMohamed Samy
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationCompuware
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsAnant Corporation
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDaniel Berg
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guideKaty Slemon
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Emerasoft, solutions to collaborate
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastXebiaLabs
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsIBM UrbanCode Products
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous EverythingAndrea Tino
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...WSO2
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...Siva Rama Krishna Chunduru
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]New Relic
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020Cyber-Duck
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 

Similar to Tracking license compliance made easy - intro to Grant (OSS) (20)

Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using Vsts
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]
 
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationEnterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast Presentation
 
Data Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps FundamentalsData Engineer's Lunch #68: DevOps Fundamentals
Data Engineer's Lunch #68: DevOps Fundamentals
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
Dops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_finalDops 1033 dev-ops_review_final
Dops 1033 dev-ops_review_final
 
DevOps Delivery Pipeline
DevOps Delivery PipelineDevOps Delivery Pipeline
DevOps Delivery Pipeline
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guide
 
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
Webinar: “Continuous Delivery: il tuo primo passo verso il DevOps”
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Make Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the PastMake Software Audit Nightmares a Thing of the Past
Make Software Audit Nightmares a Thing of the Past
 
Webinar : Microservices and Containerization
Webinar : Microservices and ContainerizationWebinar : Microservices and Containerization
Webinar : Microservices and Containerization
 
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform EnvironmentsDeployment Automation for Hybrid Cloud and Multi-Platform Environments
Deployment Automation for Hybrid Cloud and Multi-Platform Environments
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
[WSO2Con EU 2017] Continuous Integration, Delivery and Deployment: Accelerate...
 
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...
 
Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]Agility and Control from AWS [FutureStack16]
Agility and Control from AWS [FutureStack16]
 
DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020DevOps CTO Masterclass | Webinar Oct. 2020
DevOps CTO Masterclass | Webinar Oct. 2020
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Tracking license compliance made easy - intro to Grant (OSS)

  • 1. Tracking License Compliance Made Easy - Intro to Grant (OSS) Christopher Phillips Software Engineer Anchore Daniel Nurmi CTO Anchore
  • 2. Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
  • 3. Anchore | Software Supply Chain Management Anchore | Software Supply Chain Management Securing your software supply chain with a frictionless developer experience that optimizes velocity Your DevOps Process Run Deploy Test Build Develop Source
  • 4. Agenda Introductions 01 02 Open Source License Headaches 03 Automating License Lists and their Component Associations 04 Q&A
  • 5. Consumers Need More Than Your Product
  • 7. This is a good problem to have Usually only have to do when you’ve gained a customer, however…
  • 13. This seems more complicated than it should be… v2.0.1 v1.0 v2.0 v3.0
  • 14. Challenges when manually building that sheet ● Often lots of repeatable work that’s hard to persist over changes ● Better for machines to recognize the actual license ID ● Context of the reviewer on if licenses should be accepted as is or if SPDX the statement has wiggle room
  • 15. Challenges when building bespoke specialized tooling ● Works for only certain images and hard when application requirements change ● Scaling into different processes is hard and requires more development time ● Always switching contexts between delivering for the customer and delivering compliance and process
  • 16. How do we move towards a generalized SBOM path?
  • 18. Combining Tools for Best Results
  • 19. Remove Developers From The Interruption Path
  • 23. Single Click - Packages and Licenses -
  • 24. Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
  • 25. Anchore Enterprise Software Composition Analysis from Code to Cloud Cloud-native Focus Fast scanning of containerized applications, at scale High Fidelity SBOMs to identify OSS dependencies and security issues Multi-stage scanning across Git, CI/CD, Registry, and Kubernetes Open Source Centric End to End Coverage Controls for NIST, FedRAMP, DISA and more. Compliance Automation
  • 26. Next Steps Get started with Grant today and contribute https://github.com/anchore/grant Join our community Slack https://get.anchore.com/join-anchore-community/ Next community meeting https://github.com/anchore/syft?tab=readme-ov-file#join- our-community-meetings Learn more about Anchore Enterprise https://anchore.com/platform
  • 27. Thank you for joining! Schedule a demo of our platform at get.anchore.com/demo-request