Automating License & Copyright Scanning in CI Pipelines With FOSSology
As CI/CD pipelines grow in popularity, maintaining compliance with open-source licenses and copyrights is crucial. This session presents a new initiative to integrate FOSSology’s mature scanning tools directly into CI/CD workflows. We'll explore how a Docker image, designed to work with GitHub Actions, GitLab CI, and Travis CI, automates license and copyright checks early in the development process.
The session will cover technical details on repository, tag, and dependency scanning, along with customization options. Attendees will learn how this solution enhances security and compliance in cloud-native environments without compromising development speed.
This talk will be particularly valuable for DevOps engineers, compliance officers, or anyone trying to avoid the hassle of manually scanning an entire codebase for licenses or copyrights. The solution can be easily integrated into existing modern development workflows via our GitHub Action, called FOSSOps.