SW360 is a software catalogue application designed to provide a central place for sharing information about software components used by an organization. The main goal is to handle SW license information, which is supported by workflows. The analysis of the sourcecode concerning licenses, copyrights etc. is done by license scanners like FOSSology which is integrated.
It is designed to neatly integrate into existing infrastructures related to the management of software artifacts and projects by providing separate backend services for distinct tasks and a set of portlets to access these services. A complete deployment unit exists (vagrant box or docker container) that contains a complete configuration of all services and portlets.
SW360 comprises the following main use case areas:
- Project: Handling of project information with all contained Open Source SW components and other Third Party SW Components and Snippets.
- Component/Releases: Handling of information and processes related to components, e.g. name, vendor, version, ECCN information, license compliance information
- License: Handling of information regarding licenses, e.g. license texts, copyrights, acknowledgements, obligations etc.
- Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service
- License Compliance documentation: all relevant documents (e.g. Readme, source code bundle) can be created, supported by workflows.
The SW360 is a software catalogue application with which you can:
- Manage your components and projects
- Send source packages to the clearing tool Fossology
- Reuse cleared components and releases for your project
- Import cleared components with clearing reports and other documents
- Browse licenses and their obligations
- Based on the Open Source Liferay portal server
- Integrated with Fossology
In order to work with SW360, please note a fundamental setup in the data model when dealing with components:
- A component is a list of releases with metadata.
- A Release is a version of a component with metadata and specific attachments.
- A project refers to a number of releases of components accordingly, not components.
- A vendor is separate from a component and releases. The link to the vendor is set at the release. (think of Sun and Oracle where the owner changed with a new release)
|Main home page||https://www.eclipse.org/sw360/||main home page with general info|
|Project @ Github||https://github.com/eclipse/sw360||where the music plays|
|Developer mailing firstname.lastname@example.org||for developers, discussion about developing|
|Slack Channel||https://sw360chat.slack.com/||the main chat spot, everybody is welcome|
|Slack Channel Invitation Link||Sharable join link to join||that should bring you in|
|sw360 developer meeting||Meeting Info||Everyone is welcome!|
SW360 Administration Guides
SW360 Deployment Guides
SW360 Development Information