{"id":3119,"date":"2020-11-29T23:51:15","date_gmt":"2020-11-29T22:51:15","guid":{"rendered":"https:\/\/fodina.de\/?page_id=3119"},"modified":"2020-12-05T17:25:47","modified_gmt":"2020-12-05T16:25:47","slug":"oscake","status":"publish","type":"page","link":"https:\/\/2022.fodina.de\/en\/oscake\/","title":{"rendered":"OSCake"},"content":{"rendered":"\n<section class=\"box info\">\n\n\n\n<h2 class=\"wp-block-heading\">The <span style=\"color: #e20074;\">O<\/span>pen <span style=\"color: #e20074;\">S<\/span>ource <span style=\"color: #e20074;\">C<\/span>ompliance <span style=\"color: #e20074;\">a<\/span>rtifact <span style=\"color: #e20074;\">k<\/span>nowledge <span style=\"color: #e20074;\">e<\/span>ngine<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft size-large is-resized\"><a href=\"https:\/\/2022.fodina.de\/wp-content\/uploads\/2020\/11\/oscake-logo-400x482-1.png\" data-fancybox=\"\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/2022.fodina.de\/wp-content\/uploads\/2020\/11\/oscake-logo-400x482-1.png\" alt=\"\" width=\"100\" height=\"120\"><\/a><\/figure><\/div>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><strong><em><span style=\"color: #e20074;\">OSCake<\/span>, the <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/Open-Source-Compliance\/OSCake\" target=\"_blank\"><span style=\"color: #e20074;\">O<\/span>pen <span style=\"color: #e20074;\">S<\/span>ource <span style=\"color: #e20074;\">C<\/span>ompliance <span style=\"color: #e20074;\">a<\/span>rtifact <span style=\"color: #e20074;\">k<\/span>nowledge <span style=\"color: #e20074;\">e<\/span>ngine<\/a> is a component that &#8211; embedded in open source compliance toolchains &#8211; takes open source compliance artifacts compiled by other open-source scan tools and creates &#8211; based on the license knowledge represented in OSCake &#8211; the one open-source compliance file that  &#8211; if bundled with the respective collection of programs and components &#8211; 
allows us to distribute this collection compliantly. <\/em><\/strong><\/p><\/blockquote>\n\n\n\n<p>In general, <strong>existing scan tools follow the Principle of Overfulfillment<\/strong>: They also gather for all other packages what only one license requires. So, they create &#8216;overcomplete&#8217; collections of Open Source compliance artifacts. In the end, the distributors add them to their package collections in the hope that the really required artifacts are somewhere in the set of compliance artifacts &#8211; regardless of what else might be in it. This is <strong>a problematic strategy<\/strong>:<\/p>\n\n\n\n<ul><li>On the one hand, the distributors are also responsible for incorrectly created compliance artifacts, even if these artifacts are not required by the really relevant license and should not have been supplied with it.<\/li><\/ul>\n\n\n\n<ul><li>On the other hand, the surplus compliance artifacts could overwrite or undermine the artifacts which are really necessary.<\/li><\/ul>\n\n\n\n<p>The <strong><span style=\"color: #e20074;\">O<\/span>pen <span style=\"color: #e20074;\">S<\/span>ource <span style=\"color: #e20074;\">C<\/span>ompliance <span style=\"color: #e20074;\">a<\/span>rtifact <span style=\"color: #e20074;\">k<\/span>nowledge <span style=\"color: #e20074;\">e<\/span>ngine<\/strong> follows the <strong>Principle of a Context-Sensitive License Fulfillment<\/strong>: It compiles only the compliance artifacts that are required by the relevant licenses. 
To do so, it uses the knowledge about Open Source license requirements that is inherently embedded into the respective Domain Specific Language.<\/p>\n\n\n\n<p><strong><span style=\"color: #e20074;\">OSCake<\/span><\/strong> is developed by Deutsche Telekom &#8211; as part of the initiative <strong><a href=\"https:\/\/github.com\/Open-Source-Compliance\/tdosca\"><em><span style=\"color: #e20074;\">T<\/span>est <span style=\"color: #e20074;\">D<\/span>riven <span style=\"color: #e20074;\">O<\/span>pen <span style=\"color: #e20074;\">S<\/span>ource <span style=\"color: #e20074;\">C<\/span>ompliance <span style=\"color: #e20074;\">A<\/span>rtifacts<\/em><\/a><\/strong>, which DT has started under the umbrella of the <strong><a href=\"https:\/\/www.openchainproject.org\/\">Open Chain<\/a><\/strong>-project of the <strong><a href=\"https:\/\/www.linuxfoundation.org\/projects\/security-compliance\/\">Linux Foundation<\/a><\/strong>. Technically, the work is hosted and driven by the <strong><a href=\"http:\/\/oss-compliance-tooling.org\/\">Open Source Reference Tooling Work Group<\/a><\/strong>. Thus, <strong><span style=\"color: #e20074;\">OSCake<\/span><\/strong> is distributed under the terms of the Eclipse Public License 2.0. 
As an employee of DTAG and as a member of its Open Source Program Office (= Telekom Open Source Committees) I have the honor to take part in the development of <strong><span style=\"color: #e20074;\">OSCake<\/span><\/strong> at a central point.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">OSCake Links<\/h2>\n\n\n\n<ul><li>OSCake Repository: <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/Open-Source-Compliance\/OSCake\" target=\"_blank\">https:\/\/www.github.com\/Open-Source-Compliance\/OSCake<\/a><\/li><li>OSCake Homepage: <a href=\"http:\/\/www.oscake.de\/\">http:\/\/www.oscake.de\/<\/a><\/li><li>Open Chain Reference Tooling Work Group homepage: <a href=\"http:\/\/oss-compliance-tooling.org\/\">http:\/\/oss-compliance-tooling.org\/<\/a><\/li><li>OpenChain homepage: <a href=\"https:\/\/www.openchainproject.org\/\">https:\/\/www.openchainproject.org\/<\/a><\/li><li>Test-Driven Open Source Compliance Initiative: <a href=\"https:\/\/github.com\/Open-Source-Compliance\/tdosca\">https:\/\/github.com\/Open-Source-Compliance\/tdosca<\/a><\/li><\/ul>\n\n\n\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>The Open Source Compliance artifact knowledge engine OSCake, the Open Source Compliance artifact knowledge engine is a component that &#8211; embedded in open source compliance toolchains &#8211; takes open source compliance artifacts compiled by other open-source scan tools and creates &#8211; based on the license knowledge represented in OSCake &#8211; the one open-source compliance file 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"translation":{"provider":"WPGlobus","version":"2.12.2","language":"en","enabled_languages":["de","en"],"languages":{"de":{"title":true,"content":true,"excerpt":false},"en":{"title":true,"content":true,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/pages\/3119"}],"collection":[{"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/comments?post=3119"}],"version-history":[{"count":48,"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/pages\/3119\/revisions"}],"predecessor-version":[{"id":3282,"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/pages\/3119\/revisions\/3282"}],"wp:attachment":[{"href":"https:\/\/2022.fodina.de\/en\/wp-json\/wp\/v2\/media?parent=3119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}