Surya Santhi

Surya is a Marketing and Program Management professional who has supported marketing of ORT over the years. She has worked in India, Finland and Germany for companies like IBM, Nokia, HelloFresh and HERE Technologies. She is always happy to talk about Open Source program management and how to market Open Source projects.


Session

03-14
15:10
30min
ORT: Automate compliance using Open Source & InnerSource
Thomas Steenbergen, Surya Santhi

Setting up or maintaining a FOSS compliance process is not simple, as most organizations use a wide variety of programming languages, code build tools and delivery methods. Ideally, you want to automate most of the compliance work but, as most Open Source Program Offices (OSPOs) have found out, there are often significant gaps between what most tools offer and what you would like to have. Given this, several OSPOs have been collaborating to build the OSS Review Toolkit (ORT).

In this session Thomas demonstrates how one can use ORT to safely use, integrate, modify and redistribute third-party software, including FOSS, in your software project(s). He will show a FOSS review from start to finish: from scanning a repository for packages, licensing and vulnerabilities to fixing found issues and generating attribution documents, source bundles and SBOMs (CycloneDX/SPDX).

By the end of this session you should be able to replicate an ORT-based compliance process within your organization, including automating your FOSS policy using Policy as Code, and save process/review time by using an InnerSource-based review process and re-using FOSS clearance artifacts from the community.

Legal & Compliance
Stage 2