BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//packagingcon-2021//speaker//Z3EMXB
BEGIN:VEVENT
UID:pretalx-packagingcon-2021-VPV999@pretalx.com
DTSTART:20211109T172500Z
DTEND:20211109T174500Z
DESCRIPTION:With hundreds of thousands of open source software (OSS)
  projects to choose from\, OSS is a vital component of almost any
  codebase. However\, with over a thousand unique licenses to comply
  with\, the complexity of managing OSS use cannot be overlooked.
  Identifying and tracking OSS to comply with license requirements adds
  friction to the development process and can result in product-release
  delays. At VMware\, developers must run a scanner to identify a Bill of
  Materials (BOM) of what OSS is being used. This extra step adds toil
  and leaves room for error. Some scanners are imprecise\, compounding
  these issues.\n\nWe solve this problem by using Bazel to create an
  accurate BOM containing OSS and third-party packages during a build.
  To do this\, we made a Bazel aspect that analyzes the dependency graph
  and collects information about each package from VMware's internal
  Artifactory. Additionally\, it consumes a list of approved and denied
  OSS from VMware's legal team. By moving OSS validation to build time\,
  OSS decisions are made earlier in the development and review process\,
  making them less costly.
DTSTAMP:20260307T182331Z
LOCATION:Room 4
SUMMARY:Streamlining VMware's Open Source Licensing Compliance With Bazel -
  Daniel Machlab
URL:https://pretalx.com/packagingcon-2021/talk/VPV999/
END:VEVENT
END:VCALENDAR
