Name: Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software
Start: 2016-10-06T11:50:00+0200
End: 2016-10-06T12:40:00+0200

October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe

Back To Schedule

Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software

What’s in your software other than your code? Most likely, other people’s software. And what’s inside that software? More other people’s software. And each layer of that vast layer cake comes with its own licensing license agreements, copyrights, origin information, and, alas, vulnerabilities. To document all that, you’d need far more than an ingredient label and, preferably, something other than a COPYING file the size of "War and Peace".

In this presentation, we’ll examine the possibilities offered by Linked Data. We’ll talk about the fundamentals of Linked Data and RDF, its incarnations and formats (Turtle, RDF/XML, Thrift, JSON-LD), query language (SPARQL), tooling, and more. We’ll then look at SPDX, Linux Foundation's standard for using Linked Data to document component relationships, licenses, copyrights, and even vulnerabilities.

Speakers

Yev Bronshteyn

Senior Software Engineer - Alliances, Black Duck Software/Synopsys

Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. He is a contributor to the SPDX technical team, which defines the Linux Foundation standard for documenting deep software package information with linked... Read More →

Documenting the Software Supply Chain with Linked Data pdf

Thursday October 6, 2016 11:50 - 12:40 CEST
Tiergarten

Developer View all LinuxCon Sessions

Experience Level Intermediate

LinuxCon+ContainerCon Europe 2016

Yev Bronshteyn

Attendees (12)

LinuxCon+ContainerCon Europe 2016

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Yev Bronshteyn

Attendees (12)