
Meeting software license compliance policies during the inbound process: a practical approach

Some of the most common license compliance policy violations in automotive are related to specific blacklisted OSS licenses. Ideally, code under such licenses should be detected during the inbound process. Commercial SCA solutions are the default option in automotive to address this challenge.

We need solutions that can be shared both in commercial environments and in the open.

This tutorial will demonstrate how any organization can build their own knowledge base linked to a specific license compliance policy, such as preventing GPLv3 code from landing onto an in-vehicle platform.

Julián will also show how to create license scanning and detection mechanisms against such an ad-hoc knowledge base during the inbound process, using OSS only. The tutorial will also provide solutions for how companies in the automotive supply chain, including open-source organizations, can share and audit the results using this common toolkit and knowledge base.

Additionally, the talk will illustrate how this approach can be generalized for broader use cases, with limited usage intensity, using the OSS KB from the Software Transparency Foundation.

OSS KB: https://www.softwaretransparency.org/osskb

Agustin Benito Bethencourt

Independent Consultant

Málaga, Spain
