forked from eclipse-apoapsis/guidance
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Generic component lifecycle process whitelabel template including reu…
…se.software conformant copyright and license notices.
- Loading branch information
Showing
5 changed files
with
375 additions
and
0 deletions.
There are no files selected for viewing
94 changes: 94 additions & 0 deletions
94
...ware_management/sw_management_product/blueprints/component_lifecycle_process.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| # Software Component Lifecycle Process | ||
| [//]: # (SPDX-FileCopyrightText: 2024 Eclipse Apoapsis Contributors) | ||
| [//]: # (SPDX-License-Identifier: CC-BY-4.0) | ||
|
|
||
| *This document is a template for a process description and needs to be adapted to a specific organization before usage. Especially the parts put in angle brackets "< >".* | ||
|
|
||
| # Process Objectives | ||
|
|
||
| Ensuring transparent open source software usage by fulfilling the requirements of the < Open Source Policy of the organization >. | ||
|
|
||
| # Process Scope | ||
|
|
||
| < please enter your organization specific scope of this process > | ||
|
|
||
| # Process Description | ||
|
|
||
|  | ||
|
|
||
| The Software Component Lifecycle consist of four elements. The distribution check is the major gateway to ensure that only qualified software is released. The other elements only support this effort. | ||
|
|
||
| - Integration Check: Pre-check that development capacity is only invested in technology that can be delivered later on. | ||
| - Development Monitoring: Process to provide an overview on all integrated software components and their status at any time during development for each project or product. | ||
| - Distribution Check: This gateway ensures that all necessary software management tasks have been processed successfully before the corresponding software is allowed to be made available to external parties. < It is done as part of the quality gate. > | ||
| - Maintenance Monitoring (optional): Process to ensure that the criteria of the distribution check are still met after distribution under considerations of the current information. | ||
|
|
||
| # Templates | ||
|
|
||
| - A2.4 Non-standard concept template | ||
|
|
||
| # Roles | ||
|
|
||
| - < Management > | ||
| - < Open Source Office: | ||
| - The Open Source Office defines the Open Source Management requirements necessary for a distribution check. | ||
| - The Open Source Office is informed about new Open Source Software Integration Checks. | ||
| - The Open Source Office provides the organization specific configuration of the Open Source Management Review system. | ||
| - The Open Source Office need to approve Non-standard Open Source Management concepts. > | ||
| - < Responsible Person for a product > | ||
| - Development Team: | ||
| - Evaluate new software components and request integration check, integrate software components in conformance with the guidelines | ||
| - < Open Source Management Representative: | ||
| - The Open Source Management Representative ensures that all relevant tasks for the software Distribution Check are processed prior to release. | ||
| - The Open Source Management Representative monitors the Open Source Management reviews and supports the development team in resolving and dispatching issues. > | ||
| - Source Code Auditor: | ||
| - The Source Code Auditor supports the review and analysis of the project source code review results. | ||
| - Curator (Curation team): | ||
| - The Curator supports the metadata curation of identified components with missing or unclear metadata. | ||
| - The Curation team maintains the underlying components metadatabase of the Open Source Management Review system. | ||
|
|
||
| # Process Details | ||
|
|
||
| ## Integration Check | ||
| The integration check is supported by the attachment "A1 Integration Check" | ||
|
|
||
| ## Distribution Check | ||
| A Distribution Check requires the successful completion of the following tasks as part of the Open Source Management Review (see attachment "A2 Development Monitoring"): | ||
|
|
||
| 1. Open Source Management Dependency Review: Scan for and investigation of all integrated third party software artifacts with the defined Open Source Management Dependency Review solution, details see attachment "A3 Open Source Management Dependency Review". | ||
| 2. Open Source Management Project Source Review: Scan for and investigation of all integrated third party source code in the project's source code that is used to build the organizations software artifacts with the defined Open Source Management Project Source Review solution, details see attachment "A4 Open Source Management Project Source Review". | ||
| 3. FOSS Compliance Bundle: | ||
|
|
||
| a.) Open Source Software Disclosure Document: Complete decisive list of all integrated Open Source Software components, details see attachment "A5.1 OSS Disclosure Document" | ||
|
|
||
| b.) OSS Source Code Bundle: Collection of the complete source code for all integrated software components, where the license requires the source code disclosure as listed in the OSS disclosure document, details see attachment "A5.2 OSS Source Code Bundle". | ||
| 4. OSM Bi-directional Traceability: all the relevant information about the release and the integrated Open Source components need to be provided centrally to enable bidirectional traceability, details see attachment "A8 Open Source Meta Database". | ||
|
|
||
| The following picture gives and overview of the tasks and their sequence: | ||
|
|
||
|  | ||
|
|
||
| # Deviations | ||
| This is the standard process to ensure open source compliance in the organization. However, because of the variety of activities of the organization we also have various special situations where other approaches might be more efficient. Therefore it is possible to design a different process for fulfilling the requirements of the organization's Open Source Policy. The Non-standard template (attachment A2.4) need to be used. | ||
|
|
||
| The Open Source Management Representative must be consulted for the design of a deviating process and it must be appoved by the Open Source Office before set into effect. | ||
|
|
||
| # Attachments | ||
|
|
||
| |Attachment|Description| | ||
| |:------------------------------------------------------------------------------|:-----------------------------------------------------------------------------| | ||
| | A1 Integration Check | HowTo perform the Integration Check for Open Source Components | | ||
| | A2 Development Monitoring | Description of generic Open Source Management Review steps as preparation for the Distribution Check. Description of standard scheme to describe existing standard Open Source Management Review setups. | | ||
| | A2.1 Standard Open Source Management Review - Reference Tooling | Standard Open Source Management Review using the Open Source reference tooling described based on standard scheme. | | ||
| | A2.2 Standard Open Source Management Review - Trusted Package Metadatabase | General description for Standard Open Source Management Reviews using "matching"-mechanisms and trusted package metadatabases described based on standard scheme.| | ||
| | A2.3 Standard Open Source Management Review - Snippet Database | Description of Open Source Management Review with snippet scanner and fingerprint matching as forensic tool combined with license and copyright scanner described based on standard scheme.| | ||
| | A2.4 Non-standard Open Source Management Review | HowTo handle Open Source Management concepts for projects not using one of the Standard Open Source Management Review setups including a concept template. | | ||
| | A3 Open Source Management Dependency Review | Description of the Open Source Management Dependency Review (independent from the Open Source Managemen Review setup). | | ||
| | A4 Open Source Management Project Source Review | Description of the Open Source Management Project Source Review concept and reference to best practices. | | ||
| | A5 FOSS Compliance Bundle | Description of the FOSS Compliance Bundle. | | ||
| | A5.1 OSS Disclosure Document | Description of the OSS Disclosure Document and Reference to Best Practices. | | ||
| | A5.2 OSS Source Code Bundle | Description of the OSS Source Code Bundle and Reference to Best Practices. | | ||
| | A6 Distribution Check and Quality Gate | Open Source Management specific check questions that need to be part of the Quality Gate Checklist. | | ||
| | A7 Maintenance Monitoring | Description of the Maintenance Monitoring Concept and Reference to Best Practices. | | ||
| | A8 Open Source Metadatabase | Description of the Open Source Metadatabase concept and Reference to Best Practices. | | ||
| | A9 Open Source Usage Policies | Set of default Open Source Usage policies for specific setups and Reference to Best Practices. | |
40 changes: 40 additions & 0 deletions
40
...ocs/part_B_software_management/sw_management_product/blueprints/process_high_level.drawio
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| <mxfile host="app.diagrams.net" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" version="24.7.7"> | ||
| <diagram name="Seite-1" id="droPLx8h_yO0OCPhd0js"> | ||
| <mxGraphModel dx="1426" dy="911" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0"> | ||
| <root> | ||
| <mxCell id="0" /> | ||
| <mxCell id="1" parent="0" /> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-1" value="Open Source Components" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;" parent="1" vertex="1"> | ||
| <mxGeometry x="80" y="338" width="120" height="80" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-2" value="Integration Approval" style="rounded=0;whiteSpace=wrap;html=1;rotation=-90;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1"> | ||
| <mxGeometry x="145" y="345" width="160" height="30" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-3" value="Distribution Approval" style="rounded=0;whiteSpace=wrap;html=1;rotation=-90;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1"> | ||
| <mxGeometry x="396" y="345" width="160" height="30" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-4" value="Development" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1"> | ||
| <mxGeometry x="280" y="348" width="160" height="60" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-5" value="Development Monitoring" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1"> | ||
| <mxGeometry x="280" y="280" width="160" height="40" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-6" value="Maintenance Monitoring" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1"> | ||
| <mxGeometry x="541" y="280" width="100" height="40" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-7" value="<div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div>Software Product" style="html=1;whiteSpace=wrap;shape=isoCube2;backgroundOutline=1;isoAngle=15;" parent="1" vertex="1"> | ||
| <mxGeometry x="546" y="330" width="90" height="100" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-8" value="" style="html=1;shadow=0;dashed=0;align=center;verticalAlign=middle;shape=mxgraph.arrows2.arrow;dy=0.4;dx=29;notch=0;fillColor=none;" parent="1" vertex="1"> | ||
| <mxGeometry x="190" y="353" width="90" height="40" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="gTzAwi-1XPF8Pd667Z55-9" value="" style="html=1;shadow=0;dashed=0;align=center;verticalAlign=middle;shape=mxgraph.arrows2.arrow;dy=0.4;dx=29;notch=0;fillColor=none;" parent="1" vertex="1"> | ||
| <mxGeometry x="441" y="353" width="90" height="40" as="geometry" /> | ||
| </mxCell> | ||
| <mxCell id="TJgNjzUTwZLBY8b1rBSF-1" value="<div style="font-family: Consolas, &quot;Courier New&quot;, monospace; line-height: 19px; white-space: pre; font-size: 11px;"><font style="font-size: 11px;">SPDX-FileCopyrightText: 2024 Eclipse Apoapsis Contributors</font></div><div style="font-family: Consolas, &quot;Courier New&quot;, monospace; line-height: 19px; white-space: pre; font-size: 11px;"><div style="line-height: 19px;"><font style="font-size: 11px;">SPDX-License-Identifier: CC-BY-4.0</font></div></div>" style="text;html=1;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;labelBackgroundColor=none;" vertex="1" parent="1"> | ||
| <mxGeometry x="280" y="520" width="139" height="30" as="geometry" /> | ||
| </mxCell> | ||
| </root> | ||
| </mxGraphModel> | ||
| </diagram> | ||
| </mxfile> |
Binary file added
BIN
+26.6 KB
...t_B_software_management/sw_management_product/blueprints/process_high_level.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.