Skip to content
This repository has been archived by the owner on Mar 17, 2021. It is now read-only.

Supported Antenna Use Cases #328

Open
blaumeiser-at-bosch opened this issue Oct 16, 2019 · 1 comment
Open

Supported Antenna Use Cases #328

blaumeiser-at-bosch opened this issue Oct 16, 2019 · 1 comment
Labels
epic

Comments

@blaumeiser-at-bosch
Copy link
Contributor

blaumeiser-at-bosch commented Oct 16, 2019
edited
Loading

Summary of the Feature

The first comment below contains the use cases that should be supported within Antenna over time. The idea of this issue is to start the discussion on these use cases so that we can derive the right tasks for proceeding on this topic.
@blaumeiser-at-bosch
Copy link
Contributor Author

Use Case: Coordinate based identification with lazy component approval

Execution sequence:

  • ORT Analyzer - Identification of the dependencies
  • SW360 Enricher - Get known metadata on dependencies
  • Antenna Conf Handler - Read in Antenna configuration and adapt model to local changes
  • Clearly Defined Enricher - Get publicly available metadata on unknown components - identify mismatches
  • Other Enrichers - E.g., commercial information, Dependency Track for vulnerabilities, ...
  • Local Downloader - Download all existing sources from a local repository
  • ORT Downloader - Download missing source information
  • Policy Engine - Evaluate the existing model towards consistency with company policies
  • SW360 Updater - Update SW360 project trace information, add new components and releases, potentially add facts on existing components
  • FOSS Bundle Generation - Create the FOSS Compliance Bundle
  • ORT Reporter - Create an summary of the antenna run

Use Case: Hash based identification with lazy component approval

Execution sequence:

  • Antenna Hash Analyzer - Gather dependencies and build hashes of the identified file system objects
  • SW360 Enricher - Identify components and return known metadata based on these hashes
  • Antenna Conf Handler - Read in Antenna configuration and adapt model to local changes
  • Local Downloader - Download all existing sources from a local repository
  • Policy Engine - Evaluate the existing model towards consistency with company policies
  • SW360 Updater - Update SW360 project trace information, add new components and releases based on file system information of the new hashes
  • FOSS Bundle Generation - Create the FOSS Compliance Bundle
  • ORT Reporter - Create an summary of the antenna run

Use Case: Coordinate based identification with pre planned dependencies

Execution sequence:

  • ORT Analyzer - Identification of the dependencies
  • SW360 Enricher - Get known metadata on dependencies and valid trace information for project
  • Antenna Conf Handler - Read in Antenna configuration and adapt model to local changes
  • Clearly Defined Enricher - Get publicly available metadata on unknown components - identify mismatches
  • Other Enrichers - E.g., commercial information, Dependency Track for vulnerabilities, ...
  • Local Downloader - Download all existing sources from a local repository
  • ORT Downloader - Download missing source information
  • Policy Engine - Evaluate the existing model towards consistency with company policies, check for unallowed components due to SW360 trace information
  • SW360 Updater - Add new components and releases, potentially add facts on existing components
  • FOSS Bundle Generation - Create the FOSS Compliance Bundle
  • ORT Reporter - Create an summary of the antenna run

Use Case: Hash based identification with pre planned dependencies

Execution sequence:

  • Antenna Hash Analyzer - Gather dependencies and build hashes of the identified file system objects
  • SW360 Enricher - Identify components and return known metadata based on these hashes
  • Antenna Conf Handler - Read in Antenna configuration and adapt model to local changes
  • Local Downloader - Download all existing sources from a local repository
  • Policy Engine - Evaluate the existing model towards consistency with company policies, check for unallowed components due to SW360 trace information
  • SW360 Updater - Add new components and releases, potentially add facts on existing components
  • FOSS Bundle Generation - Create the FOSS Compliance Bundle
  • ORT Reporter - Create an summary of the antenna run

Use Case: Compliance Office handling of new data

Execution sequence:

  • CSV Analyzer - Gather the components to be added to SW360
  • SW360 Enricher - Identify components and return known metadata based on these hashes
  • Clearly Defined Enricher - Get publicly available metadata on unknown components - identify mismatches
  • Other Enrichers - E.g., commercial information, Dependency Track for vulnerabilities, ...
  • Local Downloader - Download all existing sources from a local repository
  • ORT Downloader - Download missing source information
  • SW360 Updater - Add new components and releases, add facts on existing components
  • ORT Reporter - Create an summary of the antenna run

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
epic
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@blaumeiser-at-bosch