Fasten travels to Greece and Brazil

Tackling the problems of security and risk evaluation, license compliance and change impact analysis in the Open Source World

by Lisa Noeth | October 9, 2019

Since the beginning of this year, Endocode has been part of a consortium of partners that develop intelligent software package management systems to enhance robustness and security in software ecosystems. The project “Fine-Grained Analysis of Software Ecosystems as Networks” is led by TU Delft and has received funding from the European Union's H2020 research and innovation programme. Endocode's contribution to this project focuses on licensing and compliance. License compliance requires analysis of one's own source code combined with an understanding of the complete dependency graph of the distributed packages. Our work aims to analyze the compatibility of the incoming licenses of dependencies, the licenses chosen for our own code, and the declared outgoing license. And to get to this analyzing part, we have been creating build graphs. Build graphs that show dependencies, that show licenses, that show authors. For C and C++ projects, for Java and Python projects. From here on, we’re working on building the license detection and integrating this into the call graphs. At the beginning of September we presented our current work to our EU project reviewers, and now we’re taking it to the Open Source community.

First, to Greece: Giasemi Seisa will present the project at FOSSCOMM in Lamia, on October 11-13. FOSSCOMM (Free and Open Source Software Communities Meeting) is an annual national conference on free and open source software communities. It is aimed at developers, students, and anyone who is interested in open source, regardless of their background. Open source communities, teams of developers and project contributors take part in the conference. The content covers a wide range, from technical issues and workshops to translations, legal issues, free / open source policy issues, and more. Admission is free and open to everyone.

Then, to Brazil: Ingrid Sena will present the project as a use case at Python Brasil on October 23-28. PythonBrasil is the biggest event on the Python programming language in Brazil. Made by the community for the community, it aims to spread the language, promote the exchange of experiences and keep the community growing equally in public and social impact.

A big motivation for us at Endocode, but also for the entire project team, is to develop for and with the community and to enable an active adaption as soon as possible. So we really hope to see a good few people there and are excited for feedback and input. And to our ladies at Endocode we say: Go queens!