Sebastian Schuberth
Sebastian Schuberth is an Open Source enthusiast and automation freak. He has more than 20 years of experience with professional software development and DevOps topics, and regularly contributes to Open Source projects like the Gradle package manager, Package URL, or SPDX.
Sessions
10-27
18:00
5min
Package management analysis in the OSS Review Toolkit
Sebastian Schuberth
Analyzing the dependencies as declared by package managers is the first step towards creating SBOMs or querying known vulnerabilities for software projects. This talk gives an overview of the abstractions used in the OSS Review Toolkit to support more than 25 package managers, and of the challenges in modelling their different behaviors and resolution processes.
Main stage