Re: [sw360-users] SW360 - Developer Meeting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [sw360-users] SW360 - Developer Meeting - Weekly

From: Gaurav Mishra <gmishx@xxxxxxxxx>
Date: Thu, 10 Jul 2025 15:34:41 +0530
Delivered-to: sw360-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/sw360-users/>
List-help: <mailto:sw360-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/sw360-users>, <mailto:sw360-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/sw360-users>, <mailto:sw360-users-request@eclipse.org?subject=unsubscribe>

Dear all,

I just noticed I subscribed to the mailing list with my personal email and thus it does not allow distribution from my official email.

Thus resharing the email. Apologies for the confusion with duplicate emails.

Thanks and regards,

Gaurav Mishra

---------- Forwarded message ---------
From: Mishra, Gaurav <mishra.gaurav@xxxxxxxxxxx>
Date: Thu, 10 Jul 2025 at 15:32
Subject: Re: SW360 - Developer Meeting - Weekly
To: gmishx@xxxxxxxxx <gmishx@xxxxxxxxx>

Dear all,

Thank you for joining us for the discussion yesterday and it was really great! We had good discussions and talk about new ideas.

Following are the MoM of the discussion, what I could capture. Please add more if I missed something or understood something incorrectly. (Note: the minutes have been formatted by AI)

Minutes of Meeting: SW360 Vision Workshop Discussion

Date: July 9, 2025

Participants: Mateusz, Helio, Gaurav, Arun, Community Members

Updates from Mateusz:

Postgres Database Support: Currently working on supporting a Postgres-based database with SW360.
Migration Progress: Has code ready for migrating from Thrift-based models to OpenAPI-based models.
Implementation: The changes will be implemented with Spring and used by both CouchDB and Postgres-based controllers.
Modifications: Changes are primarily in the Repositories (which connect with the DB) and the connection between Services (in the Resource server) and the backend.

New Release Strategy Proposal by Helio:

Version 20 Stability: Version 20 will be the last release with the current repository and will be made highly stable.
New Repository: Moving forward, there will be a new repository named "sw360-next" with no guarantee that the main branch will be stable.
Backport Requirements: Any proposed changes that need to be backported to the 20 stable version must include a matching test case to ensure operation in both "sw360-next" and "sw360-20."
Test Case Generation: Gaurav is working on a PoC to generate quality unit test cases for a code repository using open-source LLMs. Once stable, this will be published and used to improve test cases in SW360. Validation of generated tests is required to ensure correctness.
Release Branches: Discussion on whether to have only one release branch or multiple. The current idea is to have no support for the Liferay version, only version 20 will be supported with backports. When "sw360-next" is ready, the repository will be moved.
Community Feedback: The community agreed with the proposal but expressed concerns about the strong backport process. The next step is to generate a poll in Slack with more details before moving forward.

Branding Rework with "sw360-next":

Identity Change: The "sw360-next" and rebranding of SW360 could be combined. The idea is to create an identity with a color theme rather than the folder icon. A logo and possibly text will be introduced, but the same color theme will be maintained.

Internal Workshop Results by Gaurav:

Microservices Migration: Gaurav proposed migrating to microservices by removing Thrift, replacing calls from the resource server to the backend with REST or Spring Boot, and using lightweight containers without Tomcat (e.g., Payara, GlassFish, or GraalVM). This will allow enhanced monitoring, granular service updates, and high availability. The next step is to create a concrete technical plan with timelines. Mateusz offered help with monitoring and dashboards.
UI/UX Wishlist: Gaurav proposed UI/UX wishlist ideas, including workflow creation during Clearing Request. The community agreed these are good-to-have features but prioritized User eXperience with performance optimization and availability. There was also an idea to have a chatbot for SW360 Users and Developers with GenAI. Arun informed that some users are already trying solutions with MCP and Chat APIs.

Compliance Platform Proposal by Gaurav:

Platform Creation: Gaurav proposed creating a platform, nicknamed "Compliance Platform," which is essentially a data lake supporting the creation of various services in the form of plugins on top of it. It can include value-added services like Project management, Vulnerability management, compute services like Dependency discovery, license/copyright scanners, and aggregate services like SBOM and UI. The aim is to provide a single place for every activity related to compliance and help every stakeholder involved in the process.
Helio’s Feedback: Helio commented that this is exactly what he has been trying to achieve for the past two years. The data lake & aggregator is the resource server already. The idea to use Postgres is to use the same DB everywhere for easy integration (with services like ORT) and make everything else underlying data schema agnostic. The idea is to even extend FOSSology’s UI as a plugin and put it inside SW360’s current UI interface.

Next Steps:

Generate a poll in Slack with more details on the new release strategy. (Kouki or Helio)
Create a concrete technical plan with timelines for microservices migration. (Gaurav with the community)
Continue discussions on the Compliance Platform and its integration with existing services. (Gaurav and Helio)

Also, I have attached the slides which were shared yesterday.

Thank you for making this SW360 such and awesome community!

--

With best regards,