Community Blog


Techniques and Strategies for Mastering Software Composition Analysis

January 14, 2021


Guest speaker Jon Aldama, CTO & Co-Founder of FossID, presented on "Techniques and Strategies for Mastering Software Composition Analysis".

This video is from a live webinar conducted for the FINOS Open Source Readiness (OSR) project. The OSR project meets bi-weekly for guest presentations, knowledge-sharing between financial industry firms solving similar issues on their road to open source readiness, and discussion of open source strategy. Take a look at upcoming FINOS events like this and join us!



Jon's Presentation

Techniques and Strategies for Mastering Software Composition Analysis - November 10, 2020 - Open Source Readiness (OSR) Project



The explosive growth of Open Source Software (OSS) makes finding the correct origin and licensing information ever more complicated. In addition, engineers are not licensing experts and need guidance and support in the form of purposeful policies, processes, and infrastructure to maximize the efficiency of OSS adoption and stay in control of the code base. But how do Software Composition Analysis (SCA) tools work, what techniques and strategies exist for scanning a codebase, and what are their strengths and weaknesses?

This presentation gives an introduction to the complexity of OSS compliance and security, the challenges that SCA tool manufacturers attempt to solve, the decisions that need to be made in the analysis phase, and a few lessons learned as a tools and services vendor.

