Open source compliance for engineers A legal-technical workshop for software engineers, for legal compliance in building software applications using open source components, and complying with open source licenses: how to build software applications using open source and ensuring to comply with the licenses, etc. There are several tools and formats that are becoming standard (SPDX, Fossology, Scantool, etc.) and the aim of the workshop is to introduce these technologies and tools to software engineers, within a “legal open source” context, and present best practices. FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and Web user interface provide you with a compliance workflow. License, copyright and export scanners are tools used in the workflow. Analyzing open source license compliance requires expert knowledge. As a consequence the use of the tool requires understanding of license analysis problems and how they are covered by FOSSology. This Hands-on will therefore provide an introduction to start off with basic tasks: • Challenges in real world examples at license analysis of open source components • Getting an overview about component analysis and SPDX usage with FOSSology • Saving work with reusing license conclusions of open source packages when analyzing a newer version The hands-on session allows and encourages for performing the presented functionality at the same time. Attendees use their computers to directly perform presented tasks on their own FOSSology application. This course will be valuable to anyone concerned with and involved in Open Source Management, including operational and legal executives, software development managers, open source program managers and developers. It requires basic understanding of software licensing. If not, it is recommended to have performed the training Compliance Training for Developers (LFC191) available at the Linux Foundation [1]. Outline program 1. Brief introduction to Open Source license management, license requirements, SPDX, compliance analysis [assuming basic Open source licensing knowledge – come to the prior workshop on 04/05/2018] 2. Introduction to Fossology and SPDX: purpose and main functionalities 3. Installing FOSSology and creating projects 4. Using Fossology : source code analysis, discovering and using FOSSology functionalities 5. Putting FOSSology in context: software development, distribution and compliance processes. Other similar and complementary tools. 6. Wrap up Logistics Organised by Id law partners, Barcelona and hosted by UPF Date: Tuesday 17/04, in the afternoon – 14.30-18.30 Duration: 4 hours Venue: UPF (Roc Boronat) Language: English Price: Price: 80 euros, to cover organizational cost, remaining funds are donated to the Linux Foundation to support the Fossology project. [1] https://training.linuxfoundation.org/linux-courses/open-source-compliance-courses/compliance-basicsfor-developers