FASTEN Workshop, April 8, 2021, Online



April 8, 2021, from 16h00 to 17h30 CET, online.


Join us at the April 8th virtual workshop "Risk Mitigation with Software Composition Analysis and Dependency Management", organized by OW2 and the FASTEN H2020 project funded by the European Commission. Discuss the latest advances in SCA, Dependency Management, and SBOM as they are becoming irreplaceable in today's software development processes. Learn about current innovations in the field that are set to change developers' lives in the near future. At the end of the session, attendees will be able to interact with the speakers by asking questions and sharing their opinions on these subjects.

The replay of the FASTEN virtual workshop is available, and the slides of the presentations are provided in the agenda below.


16h00 - 16h10:

Highlight on FASTEN's Software Composition Analysis Market Background, Cédric Thomas, OW2

This presentation looks at the market background that determines the adoption rate of the FASTEN technology. It provides key figures, useful for everyone to have in mind, that illustrate the growth of FASTEN’s market and its drivers, and it looks at the competitive environment.

Speaker Biography
Cédric Thomas is OW2 CEO. He has developed OW2 into a global community spanning four continents. He is an IT industry veteran with twenty-five years of experience in strategic and marketing consulting for IT vendors and systems integrators. As both an investor and a consultant, he actively took part in three IPOs, contributed to the launch of several technology start-ups, and helped set up technology firms in Boston and San Francisco.

Watch the slides

16h10 - 16h30:

Demonstration of FASTEN Dependency Management tools on top of Maven, Antoine Mottier, OW2

The final goal of the FASTEN project is to be able to perform a more sophisticated analysis of security-vulnerability propagation, licensing compliance, and dependency risk profiles by relying on the call-level dependency network of the whole software ecosystem. In this talk, we will present some first results of the project and demonstrate how FASTEN works on top of the Java/Maven ecosystem.

Speaker Biography
Antoine's jobs have always been related to software: starting with embedded software development, quickly moving to server-side software in the Java ecosystem, then shifting to consulting and training, and finally being involved in community-related actions for Bonitasoft, an open source company. The common theme across all those experiences is probably the love for technology, but also a deep interest in sharing knowledge. Open Source is a key factor here, as it allows one to learn and collaborate with many people, each of them having a unique background.

Watch the slides

16h30 - 16h45:

Integrating Software Assurance, SCA, and Fine-Grained Analysis of Ecosystems as Networks (FASTEN), Magiel Bruntink, SIG

Software has become a crucial differentiator to gain competitive advantage. At Software Improvement Group, we help organizations turn their software into an enabler for growth by exposing the hidden risks and opportunities that lie within. We do this by measuring software quality and scanning source code for technical findings related to maintainability, security, performance efficiency, and others. Often clients engage with us to do software risk assessment, IT due diligence, and software monitoring, for which we employ our software assurance platform Sigrid. With FASTEN we aim to enrich our existing software ecosystem analysis, and further increase its precision.

Speaker Biography
Magiel is Head of Research of Software Improvement Group (SIG), where he leads a team of researchers that provide innovation capacity for the company in collaboration with academic partners. Before SIG, Magiel worked at University of Amsterdam as a Program Director in Software Engineering education and research, and for several years prior as a consultant in the software industry. He was educated as a computer scientist at University of Amsterdam (MSc) and the Technical University Delft (PhD).

16h45 - 17h00:

FASTEN user experience from a software vendor perspective: The future of extension management in XWiki with FASTEN, Thomas Mortagne, XWiki

After a quick introduction to the XWiki project, this presentation will explain the benefits that XWiki expects to derive from FASTEN through three Use Cases and showcase how its Extension Manager has been improved to integrate FASTEN.

Speaker Biography
Thomas is lead developer of the XWiki open source project for XWiki SAS. He is a contributor and committer on various other open source projects like jdeb or Apache Velocity, and also manages the technical infrastructure of Atelier des Médias and occasionally sits on its board of directors. Thomas graduated from Epitech. Prior to XWiki he was technical lead and programmer for a display and media center software company.

Watch the slides

17h00 - 17h15:

Eclipse sw360 Web Application for managing software Bill-Of-Material, Michael Jaeger, Eclipse sw360 project

The Eclipse SW360 project provides a server application for the management of used software components in an organization. The catalogue can then be used to create Software Bill-of-Materials (SBOM) for products and projects. SBOM management is essential for a number of important aspects when delivering products: for understanding if vulnerabilities are relevant, for reviewing the licensing situation, for covering trade compliance and, last but not least, for the generation of compliance documentation.

SW360 itself focuses only on SBOM management and the support of the approval processes; it does not scan for licenses or for dependencies. For these tasks, integration with other OSS tools is provided, for example FOSSology for license scanning. To automate the SBOM management, SW360 provides a REST API which allows CI infrastructure to call SW360 directly for checks, downloads or uploads. SW360 is a project hosted by the Eclipse Foundation and licensed under the EPL-2.0; thus it is available for everyone as Open Source software.

Speaker Biography
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software.

Watch the slides

17h15 - 17h30:

Q&A and open discussion


Register to FASTEN Workshop

Please register using the above button to join the webinar. You will receive the connection link by email.