FOSDEM, February 5-6, 2022, Online

February 5-6, 2022
More information:


FASTEN Co-organizes the Devroom "Software Composition Analysis and Dependency Management"

We are please to co-organize this year again a Devroom at FOSDEM. 

Following the previous success of the Dependency management and Software Composition Analysis devrooms, we have decided to merge our efforts and organize a joint event to leverage synergies between both topics. 

Call for Presentations

Are you contributing to a FOSS project that aims to make the lives of developers easier? You are looking for what's coming next to help you deal with your project's long list of dependencies? If so, come and join us at FOSDEM 2022 to share your techniques, experiences, and demo your FOSS tools to collaborate towards a better FOSS toolchain.

Please see the details of the Call for Presentations and send your proposal now! 

Link to submit:

Visit the Devroom page on FOSDEM website:

The detailed agenda is presented below. Click on the titles to access to videos. 

Devroom Agenda


TimeTitleSpeaker/Moderator Name, Organization
10:00 - 10:05 Devroom introductionAntoine Mottier, OW2
10:05 - 10:20 Package URL and Version range spec/ Towards mostly universal dependency resolution Philippe Ombredanne
10:20 - 10:40 How OSPOs can help secure the software supply chain Ana Jimenez Santamaria, Linux Foundation
10:40 - 11:00 Developing an open source license compliance project : our trials, tribulations and achievements Pierre Marty, Linagora- 
11:00 - 11:20 How to manage OSS license obligations and SBoM by SW360's new features Kouki Hama, Toshiba
11:20 - 12:00 PANEL #1 : Processing Dependencies and Compositions and Software Maximilian Huber, TNG Technology
12:20 - 12:40 Scanning for known vulnerabilities in an embedded distribution, A return on experience from the Eclipse Oniro project Marta Rybczynska, Eclipse Foundation
12:40 - 13:00 Reporting vulnerabilities within a complex software environment/ Using the CVE-Bin-Tool Anthony Harrison, Architect and cyber security consultant
13:00 - 13:20 Commoditising Open Source Risk Management/ First Open Source SCA PlatformJulian Coccia, SCANOSS
13:20 - 14:00PANEL #2 : Dependencies for Vulnerability Discovery and Tracking  Diomidis Spinellis, Athens University 
14:20 - 14:40 Generating SBOM for your code using OSS Review Toolkit Thomas Steenbergen, HERE Technologies
14:40 - 15:00 SBOM Resolver - Generating detailed SBOMs for Alpine Georg Kunz, Open source advocate
15:00 - 15:20 FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks Amir Mir, TUDelft- 
15:20 - 16:00 PANEL #3 : Creating SBOMs Antoine Mottier, OW2
16:20 - 16:40 On Backporting Practices in Package Dependency Networks Ahmed Zerouali, Tom Mens, University of Mons, Belgium
16:40 - 17:00 Operationalize SBOM with OWASP Dependency-Track Steve Springett, OWASP- 
17:00 - 17:20 Tracking Software Dependencies Kate Stewart, Linux Foundation, & Gary O'Neall, Source Auditor Inc.- 
17:20 - 18:00 PANEL #4 : Software Compositions and Dependency Tools Philippe Ombredanne