Open-source Software Capability Assessment Radar

OW2 is dedicated to improving the quality and the market readiness of the OW2 code base. Good-quality code, and a good reputation for that code, are essential for the success and growth of OW2, and for the growth of downloads and the dissemination of the OW2 code. The efforts primarily target the mature projects.

OSCAR – Open-source Software Capability Assessment Radar – is the quality programme of OW2. It started as SQuAT – Software Quality Assurance and Trustworthiness. It is organized around two pillars, Governance and Engineering, shown in the figure below. OSCAR is organized into chapters, each of which is instrumented by one or several tools.

Figure: OSCAR quality analysis pillars

OW2 endeavours to integrate tools that help projects produce reports on the quality of the code and on the quality of the IP. The OW2 governance process requires that, for a project to be moved from incubation to mature, the project produce the report on the quality of the code and on IP compliance. The mature projects are required to publish all OSCAR reports. The final decision is left to the end user – OW2 is not a certification office.

OW2 is also evaluating the methods, processes and tools provided by Trustie: OW2 will become a user of the Trustie processes to enhance the quality of our software. A first installation of the Trustie Software Resource Repository on the OW2 infrastructure was done in 2012 with the help of Peking University.

Quality assessment tools

Open-source Maturity Model

The Open-source Maturity Model (OMM) is a maturity model and assessment methodology from the QualiPSo project. The OW2 OMM assessment template to be filled in by OW2 projects is available at OMM and is under constant evolution under the leadership of the OW2 Technology Council.

SonarQube – Static code analysis

SonarQube is a static analysis solution covering a wide variety of languages, including Java, Python, Erlang and C++. It implements the SQALE methodology to evaluate the technical debt of a project.

FOSSology – IP analysis

FOSSology is an open-source license compliance software system and toolkit. It lets you run license, copyright and export control scans from the command line or from a Web user interface. FOSSology implements the SPDX standard – Software Package Data Exchange. The results of FOSSology applied to the OW2 projects are available from the project dashboards.

Antepedia Reporter – IP and security analysis

Antelink's Antepedia Reporter is used for source code analysis.

Acknowledgements

This programme benefits from the help of QualiPSo, FOSSology at HP (and originally OSUOSL), Antelink and Peking University, without which it would not have been possible.
