by Lisa Noeth | April 11, 2018
April 11 marks an important milestone in our favourite compliance project of the year: Quartermaster - the compliance tool that implements a full Open Sourcce license compliance audit as part of a modern DevOps cycle. On April 11, 2018 Endocode will host the Quartermaster v.0.2 requirement workshop. This workshop marks the end of the development of v.0.1 of Quartermaster. A development cycle that added a completely new architecture, a modular implementation, a master graph database, gPRC based APIs for phase-specific modules written in different programming languages, and more demo builds to the initial prototype.
Based on a new architecture conept developed at the requirement workshop for v.0.1 and learnings gathered from the prototype, development of v.0.1 kicked of with a newly build Quartermaster and some pretty graph visualisations.
After re-starting from scratch to break cleanly from the dirty hacks applied in the prototype, the curl demo was extended and a first internal CI was set up. The build graph was connected to analysing and reporting tools and modules that integrate Ninka and Scancode for license and copyright analysis were implemented. With these extended license detections, the Quartermaster team began implementing the reporting API endpoint. After 4 full sprints, the build graph included informations on analyzers, authors, copyright holders and licenses.
This extended data model can now work as the basis for the reporting. With a refactored reporting API, and a first version of the HTML/SPDX reporter, Quartermaster’s basic toolchain is in place. And together with a public CI pipeline and demos, we release an edgy but shiny first version of Quartermaster. qmstr v.0.1 is here - hello v.0.2!