[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Open Source Package Monitoring recommendations?
I am on the advisory board for FOSSA, so consider the source, but it would be my tool of choice.
BD and Flexera do deeper dives on license compliance (i..e the will find more cut-and-paste issues), but they lack the front end process management of FOSSA and are cumbersome to use. The FOSSA UI is very good. From: op-advisory-council@lists.oasis-open.org <op-advisory-council@lists.oasis-open.org> on behalf of Ruff, Nithya <NITHYA_RUFF@comcast.com>
Sent: Wednesday, September 11, 2019 10:36:50 AM To: Kris Borchers; op-advisory-council@lists.oasis-open.org; Jory Burson Subject: Re: Open Source Package Monitoring recommendations? [EXTERNAL MESSAGE] Agree with Kris. We have had good experience with Fossa and after studying multiple solutions we are choosing to use Fossa for our customer facing mobile apps. Thank You, Nithya Nithya A. Ruff Head, Comcast Open Source Program Office 1050 Enterprise Way, Sunnyvale, CA 94089 Mobile: 267-254-1083. Email:
Nithya_ruff@comcast.com From: <op-advisory-council@lists.oasis-open.org> on behalf of Kris Borchers <kris.borchers@gmail.com> From a license compliance monitoring perspective, I have had a good experience with FOSSA https://fossa.io and they have been adding vulnerability detection
as well. You can get started for free to check it out and they have been providing free services to a number of the OpenJSF projects for a long time. I'd be happy to introduce you to their CEO, Kevin Wang if you don't already know him. Kris From: op-advisory-council@lists.oasis-open.org <op-advisory-council@lists.oasis-open.org> on behalf of Jory Burson <jory.burson@oasis-open.org> Hi AC members, and happy Wednesday. Do you have any recommendations or experience implementing Open Source package monitoring / security auditing tools? We'd like to have a few different recommendations for Open Projects, and decided that some kind of thorough comparison
between them would make good content for our blog and documentation, too. I've talked with the folks at
Snyk - which, fun fact, stands for "So Now You Know" - as they certainly seem to have quite a bit of adoption. Are there any others you would encourage us to look into/include? I'll be away next week for W3C TPAC, but thinking of you all at OpenCore summit (which I'm really bummed to be missing). Be well, and see you at our next meeting on 23 September! - Jory |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]