Re: SW360 experience

J Lovejoy

Thanks for responding, Oliver.

I've copied Steve here, as his message got caught up in the mailing list filter, as it looks likes he's not a member of the SPDX general mailing list. (Steve - you can join here: )

It occurred to me that perhaps a session on sw360 (and how it works with SPDX) might be a good topic for an upcoming general call? Phil - what do you think?


On 5/20/19 2:46 AM, Oliver Fendt wrote:

Hi Steve,


sw360 is an open source project under the umbrella of the Eclipse foundation. Its is a software component and product management system, which is on the one hand a system where you can manage the software components you are using no matter whether they are OSS, commercial or internal components or other artifacts on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here:

Some documentation is available here:

If you like we can arrange a web meeting since we are using sw360 in our daily work.





Von: spdx@... <spdx@...> Im Auftrag von Steve Kilbane
Gesendet: Donnerstag, 16. Mai 2019 18:15
An: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Betreff: [spdx] SW360 experience


Hi all,


I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.


Thanks for any info,




Join { to automatically receive all group messages.