Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
View analytic
Thursday, October 6 • 11:50 - 12:40
Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software

Sign up or log in to save this to your schedule and see who's attending!

What’s in your software other than your code? Most likely, other people’s software. And what’s inside that software? More other people’s software. And each layer of that vast layer cake comes with its own licensing license agreements, copyrights, origin information, and, alas, vulnerabilities. To document all that, you’d need far more than an ingredient label and, preferably, something other than a COPYING file the size of "War and Peace".

In this presentation, we’ll examine the possibilities offered by Linked Data. We’ll talk about the fundamentals of Linked Data and RDF, its incarnations and formats (Turtle, RDF/XML, Thrift, JSON-LD), query language (SPARQL), tooling, and more. We’ll then look at SPDX, Linux Foundation's standard for using Linked Data to document component relationships, licenses, copyrights, and even vulnerabilities.

Speakers
avatar for Yev Bronshteyn

Yev Bronshteyn

Senior Software Engineer, Black Duck Software
Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. He is a contributor to the SPDX technical team, which defines the Linux Foundation standard for documenting deep software package information with linked data. He is also the core developer of SpdXtra, a Java library for generating SPDX documents.



Thursday October 6, 2016 11:50 - 12:40
Tiergarten

Attendees (12)