KoukiHama
commented
2 years ago Markdown from https://github.com/eclipse/sw360/files/8823661/20220531-Roadmap.SW60-public.xlsx
| Topic | high priority | medium priority | low priority | Issue | |
|---|---|---|---|---|---|
| 1 | Stability of the tool | ||||
| Scaling topics - handling of many projects, data, users, components, dependencies to guarantee a stable system | x | #1556 | |||
| dealing with complex project structures - many sub-projects | x | #1557 | |||
| with updates all features shall be working / more tests | #451 #231 | ||||
| 2 | Usability | ||||
| 2.1 | UI | ||||
| Show data entries closer to each other (better overview) | #1558 | ||||
| Banner for broadcast messaging | #1595 | ||||
| add addtional columnes in my projects | x | ||||
| Rearrange 'My Project/Component, My Task Assignments/Submissions pane in SW360 Home | x | ||||
| 2.2 | Structure - Overview | ||||
| Definition of manufacturer on project level | x | ||||
| Export spreadsheet of projects with subprojects with linked releases | x | ||||
| Have list of attachment usage | |||||
| create additional license obligations for multiple components in one click | x | ||||
| Export spreadsheet for attachment usage | x | ||||
| project clearing status filter | x | ||||
| Dashboard for project status | x | ||||
| 2.3 | Search | ||||
| Search in UI and API have different results | x | x | |||
| allow searching for external Ids | x | ||||
| Search shows too many results | x | ||||
| Moderation request search field | x | ||||
| number of shown entries higher (list of components etc.) | x | ||||
| enable search for my projects / components | x | ||||
| search for releases with attachment in a specific timeline | x | ||||
| searching on specific data | x | ||||
| Release order in the view 'linked releases and project' must be the same like in clearing status view: alphabetically odered by release name | x | ||||
| 2.4 | Vulnerability Management | ||||
| Show all vulnerabilities of a project (incl. Sub-projects) | |||||
| Vulnerability Ids should not be copied when project is copied | x | ||||
| vulnerability ID list should be visible by more roles | x | ||||
| External fields (e.g. vulnerabilities handled via moderation requests | x | ||||
| vulnerability list dependant on user roles | x | ||||
| vulnerability mapping in own field | |||||
| 2.5 | Notifications - Alerts | ||||
| add name of updated project to email notification | x | ||||
| email notification when upload of attachments/ enhandements | x | ||||
| Alerts or Notifications from SW360 requires improvement | x | ||||
| 2.6 | Individualization | ||||
| Having a product clearing template for different organizations | x | ||||
| License info header based on org-code | x | ||||
| 3 | Rest API | ||||
| Rest API specification shared | x | ||||
| REST API: component call should have an allDetails parameter | x | ||||
| REST API: releases call shall support paging | x | ||||
| Changelog for REST API | x | ||||
| REST API: eanble retrieving project with details AND paging | x | ||||
| REST API: enable retrieving all projects for a group with details | x | ||||
| 4 | Clearing Documenation | ||||
| Handle tags in CLI files when generating Readme_OSS | x | ||||
| add project attachments in source code bundle (e.g. build script) | x | ||||
| 5 | SW360 process | ||||
| Remove "Approval" section for release level attachments | x | ||||
| capture and display the creation date and creator information from CLI (CLX) file | x | ||||
| Release: add checkbox/flag 'in progress' to show all users that currently someone is working on the creating of the clearing report | x | ||||
| Configuration of who can use and see clearing requests | |||||
| Read general component obligations from CLI (created by FOSSology) | x | ||||
| adding users to projects, before having been logged in | x | ||||
| allow 'create clearing request' only when used by the organization | x | ||||
| 6 | Integrated Automation | ||||
| Policies in CI/CD based on license information | |||||
| List general obligations of FOSSology in CLI file | |||||
| 7 | Architecture (being prepared for the future) | ||||
| API first -->UI | |||||
| Update to new technology stack (to be better prepared for Cloud and Services). | |||||
| Update to the newest technology stack (e.g. Kubernetes to reduce ressources, costs, raise services possiblities) | x | ||||
| Exchange DB (get rid of couchDB) | |||||
| Check working integration scenarios (sharing of code, scripts) | |||||
| 8 | Security/Compliance | ||||
| System | |||||
| Security topics (update of components like Liferay, Spring Framework etc., documenation data management) | x | ||||
| Antivirus for uploaded files | x | ||||
| Improve User Management (deactivating of users who left the company) | x | ||||
| read-only user for offboarding business | x | ||||
| Pull out all necessary Liferay Modules | x | ||||
| Change the main user data should be forbidden | x | ||||
| 9 | Projects | ||||
| Add IP information field in component release view | x | ||||
| Nesting the CLI file (CLX) under corresponding source based on SHA1 value match | x | ||||
| Generate Licensefile: Restoring of chosen Licenseselection is not working in case of same name of license | x | ||||
| Collect data for artifact specific unique identifiers | x | ||||
| 10 | SBOM - Co-Creation | ||||
| Support Co-Creation -exchange of data | x | ||||
| SBOM Generation / Package structure | x | ||||
| export SBOM in SPDX format | x | #1171 | |||
| Import CycloneDX BOM | x | ||||
| Improve COTS handling | x | ||||
| 11 | Data-Quality | ||||
| Creating new vendor should check for duplicates | x | ||||
| Do not copy release with vulnerability Ids | x | ||||
| Add data quality check for releases | x | ||||
| SHA256 for Attachements of Releases and Projects | |||||
| Use package URL for identification of releases | x | https://github.com/eclipse/sw360/issues/1033 | |||
| add project quality check | x | ||||
| Release: add checkbox/flag 'needs cleanup' to show all users that this release needs some cleanup | x | ||||
| ability to filter for active users | x | ||||
| 12 | Documentation and Communication | ||||
| Changelog ‚what changed in REST API‘ | x | ||||
| What to do when a role like security responsible is leaving | x | ||||
| Publish success stories | x |
Description
We as Siemens would like to provide our actual internal roadmap for enhancements of SW360. They are grouped and prioritized. Of course the priorities can change and enhancements can be added any time. Actually we are working already on the high priority issues, and they are partly already inserted in the public issue list. I did not check which ones are available and which ones are not.
Steps followed and expected result
We think that this can be a good start for the development of a public roadmap for SW360. For all parties and also new users a roadmap would be helpful to understand the future of SW360 and prove that we have a lively community supporting SW360.
Screenshots
If applicable, add screenshots to help explain your problem. 20220531-Roadmap SW60-public.xlsx