Fujitsu supports the evolution of SPDX and its move toward an international standard that gives companies throughout the supply chain a common SBOM basis for making use of software. We have long provided multilateral support for SPDX, especially through activities in Yocto and SPDX-Lite.
Since 2016, we have been among the maintainers of meta-spdxscanner, which enables SPDX functionality for the Yocto Project.
This presentation shows how to use the following OSS to create a development environment that ensures the license compliance and security required for OSS management:
- Yocto
- meta-spdxscanner
- FOSSology
- CodeChecker