In this episode, Karsten Hohage talks with our guests Michael Bernhardt and Artem Smotrakov about Fosstars, a Java-based framework that allows you to define various ratings for open source projects. The name “Fosstars” is a combination of “FOSS” for “Free and Open Source Software” and the concept of rating products or services with “stars”. It helps software engineers and architects to quickly assess various aspects of open source components, such as their security, maturity, etc. It is often difficult to analyze the actual code of all the open source components in an application and compare them with respect to various aspects. To make it easier, Fosstars offers ratings that are based on publicly available information about the projects, such as adopted security tools and best practices, activity of the community, and many more. Thus, Fosstars is a project that deals with other open source projects, making the natural approach to it – guess what – open source!
Michael Bernhardt works as a program manager for SAP’s Open Source Security Strategy and DevSecOps lead in SAP’s corporate security organization. He also acts as a security advisor as part of the SAP Open Source Program Office (OSPO).
Artem Smotrakov is a security engineer with experience in development, quality engineering, and open source.
- Blog post by Artem Smotrakov
- Blog post by Michael Bolz
- SAP Open Source Program Office
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)