The Open Source Way

Credential Digger is an SAP Open-Source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi discusses with host Karsten Hohage what led to the creation of Credential Digger and about its key differentiators. Slim also speaks of the early challenges of scanning for secrets, and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall. Guests: Slim Trabelsi joined SAP 15 years ago and currently works as a senior security expert in the SAP Security Research team. His background includes data privacy, data protection, and social media security. He is currently focusing his research activities on cyber security, threat intelligence, and surveillance. Slim recently developed an open-source tool called Credential Digger, which is used to identify hardcoded secrets in source code repositories like GitHub.   Twitter: https://twitter.com/slim_security LinkedIn: https://www.linkedin.com/in/slim-trabelsi-94534a83/ GitHub: https://github.com/SlimTrabelsi SAP People: https://people.sap.com/slim.trabelsi   Show Notes: Links https://github.com/SAP/credential-digger https://github.com/SAP/vs-code-extension-for-project-credential-digger Credential Digger: Using Machine Learning to Identify Hardcoded Credentials in Github – blog post SAP Security Research https://huggingface.co/SAPOSS/password-model NIST – Source Code Security Analyzers SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with Johannes Bechberger, who is an open-source developer at SAP. They discuss why and how Johannes promotes his work on SapMachine, OpenJDK, and profiling through blogging, speaking at conferences, and having a presence on social media. Johannes also shares tips and learnings collected on his journey of “doing good and talking about it”. Guests: Johannes Bechberger currently works as a JVM developer in the SapMachine team at SAP. His responsibilities include making improvements to async-profiler and its ecosystem, as well as improving the FirefoxProfiler, which enables it to be usable in the Java world. In addition to his many contributions to open source, he also runs a successful blog, where he regularly writes about in-depth profiling and debugging. Twitter: https://twitter.com/parttimen3rdBlog: https://mostlynerdless.deLinkedIn: https://linkedin.com/in/johannes-bechberger-381296149GitHub: https://github.com/parttimenerdMastodon: https://mastodon.social/@parttimenerdSAP People: https://people.sap.com/parttimenerd Show Notes: Links SapMachine: https://sapmachine.io https://github.com/SAP/SapMachine Async Profiler: https://github.com/async-profiler/async-profiler Firefox Profiler based IntelliJ plugin: https://github.com/parttimenerd/intellij-profiler-plugin Sweet SapMachine on Twitter: https://twitter.com/SweetSapMachine The Open Source Way – Compiler History: https://podcast.opensap.info/open-source-way/2021/10/27/compiler-history-the-open-source-in-your-favorite-1990s-first-person-shooter/   The Open Source Way – SapMachine and OpenJDK: https://podcast.opensap.info/open-source-way/2021/12/29/sapmachine-the-openjdk-for-all-things-sap/ Foojay Podcast #14: Debugging Tools and Skills for Fun and Profit: https://foojay.io/today/foojay-podcast-14/ SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guests Georg Gruetter from Robert Bosch and Michael Picht from SAP about common concerns regarding InnerSource. They debunk some of the frequent myths surrounding InnerSource and explain the many benefits of its utilization, including its versatility and its innovative and collaborative nature. In the course of the conversation, they also discuss how InnerSource code can be maintained successfully and what can be done for quality control. Guests: Georg Grütter is a passionate software developer and chief expert for InnerSource at Robert Bosch in Germany, where he co-founded the InnerSource initiative in 2009. Georg also co-founded the InnerSource Commons Foundation, for which he serves on the board of directors. Before Georg joined Bosch in 2004, he worked as a software developer and consultant for Line Information GmbH, Zurich System House and Mercedes-Benz AG. LinkedIn: https://www.linkedin.com/in/georggruetter/ Michael Picht works as a chief architect at the SAP Open Source Program Office. He is one of the leads of SAP’s InnerSource program. Prior to this, he worked as a developer, software architect, project-, program- and product manager within SAP application development with focus on supply chain management, business processes, and innovation topics. LinkedIn: https://de.linkedin.com/in/michael-picht-249b7a149 Show Notes: Links https://www.youtube.com/@sapdevs https://groups.community.sap.com/t5/sap-codejam/eb-p/codejam-events https://innersourcecommons.org https://www.oreilly.com/library/view/adopting-innersource/9781492041863/ http://georg-gruetter.de/seven-years-of-innersource-at-bosch.mp4 https://podcast.opensap.info/open-source-way/2020/11/11/innersource-rocks/ https://blogs.sap.com/2021/10/06/establishing-innersource-at-sap/ InnerSource is a marathon, not a sprint – the SAP Journey – IS Summit 22 SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guests Alan Clarke and Keith Seigel about SUSE Enterprise Linux and and Linux in general. The speakers discuss how the SUSE distribution relates to Linux as an open source project and and talk about the development of new projects like Trento. They also mention the certification process, the subscription for patches and updates, discuss an example of fixing a HANA on SUSE issue, and explain the importance of the long-standing partnership with SAP for SUSE’s business. Guests: Alan Clarke is SAP Alliance Manager for the EMEA region at SUSE and has spent 8 of his 10 years there, embedded within the SAP ecosystem. Alan spends much of his time collaborating with and supporting both SAP partners (Hyperscalers, IHVs, GSIs and regional SIs and MSPs) and also assists SAP customers with their migration and transformation projects. Twitter: https://twitter.com/alanclarke_SUSELinkedIn: https://www.linkedin.com/in/alanclarke7 Keith Seigel came to SUSE in December of 2020 after a 10 year career within the SAP Ecosystem. At SAP he was an Account Executive who then moved through the leadership rankings within the Sales Development organization. Shortly after leading the Sales Development teams at SAP, he moved into a leadership role for various different solutions and services at SAP. Keith now oversees SUSE’s partnership with SAP for North America. LinkedIn: https://www.linkedin.com/in/keith-s-626a7b8 Show Notes: Links https://www.suse.com/solutions/run-sap-solutions/ https://www.trento-project.io/ https://github.com/trento-project Safeguard Your SAP S/4HANA deployment with SUSE Trento SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guests Christian Georgi and Daniel Hutzel about the SAP Cloud Application Programming Model (CAP), a Software Development Kit (SDK) to build applications in the enterprise world.  They speak about how CAP is gradually being open-sourced so that it can evolve with the help of its community. This will allow, for instance, the support of additional databases, consumption protocols, and UI frameworks. We also learn how the CAP team has engaged with the community so far and how this motivated them to open source it. Guests: Christian Georgi has been working on development tools at SAP for many years, like the SAP HANA Studio and ABAP Development Tools (ADT) for Eclipse. He is now a product owner for CAP tools and helps spread the word about CAP. LinkedIn: https://www.linkedin.com/in/christian-georgi-291258115 Daniel Hutzel has been with SAP since 2004. He invented and designed Core Data Services (CDS) in 2012, which got broadly adopted across SAP (in HANA, ABAP, and CAP), as well as Cloud Application Programming Model (CAP) in 2017, which he has been leading since then as Chief Architect and CPO. LinkedIn: https://www.linkedin.com/in/aragon Show Notes: Links cap.cloud.sap reCAP conference UI5con Community page SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guest Christoph Szymanski about Project Piper, an open source library for the creation of continuous integration and delivery pipelines. Christoph speaks about how Project Piper relates to the SAP-proprietary service “SAP Continuous Integration and Delivery“ and how Piper became a successful offering to anybody working with SAP development projects. We also learn why Christoph loves the unpopular task of writing tests and how these are the key factor to continuous delivery and integration. Guest: Christoph Szymanski is the owner of the SAP Continuous Integration and Delivery service and also works on Project Piper, which is the library behind the service, developed as a community project. Both enable you to build and automatize software delivery pipelines. Christoph has been an application developer for 20 years, mainly focusing on web applications in different languages and frameworks. During his career, he engaged in various roles, as for example Product Owner, Scrum Master, and Product Manager. LinkedIn: https://www.linkedin.com/in/christoph-szymanski-9b0484103/Twitter: https://twitter.com/ski_at_work  Show Notes: Links Project Piper: https://www.project-piper.io Continuous Integration and Delivery: https://help.sap.com/docs/CONTINUOUS_DELIVERY?locale=en-US SAP Open Source Program Office https://developers.sap.com/open-source.html SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guest Arne Arnold from Red Hat about Linux and the role of distributors in the open-source world. Arne speaks about his journey from SAP to Red Hat and how the distributor made its way to become a catalyst for open-source communities. We also learn how Arne started his Linux career contributing to the search for extraterrestrial life from his student dormitory and about SAP’s contribution to Linux becoming the leading server operating system worldwide.    Guest: Arne Arnold is a Senior Principal Product Manager within the Red Hat Enterprise Linux Business Unit. As the offering manager for Red Hat’s solutions targeting SAP, his focus lies on SAP certifications and product roadmap for RHEL for SAP Solutions, the RHEL High Availability solutions for SAP, and SAP automation on top of the Red Hat Ansible Automation Platform.Arne holds a Master‘s degree in Computer Science and is a certified PMI Project Manager Professional. Prior to joining Red Hat in 2018, Arne worked for VMware and SAP and was one of the first Product Managers for the SAP HANA platform. LinkedIn: https://www.linkedin.com/in/arne-arnold/  Twitter: https://twitter.com/vArneArnold Show Notes: Links https://www.redhat.com/sap https://access.redhat.com/ecosystem/sap Red Hat online trainings with SAP https://open.sap.com/courses/red1-pc https://open.sap.com/courses/red2-pc Red Hat customer trainings https://www.redhat.com/de/services/training/red-hat-ansible-automation-sap SAP Open Source Program Office https://developers.sap.com/open-source.html SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guest Shane Coughlan about OpenChain by the Linux Foundation and some other projects that build trust in the supply chain. Shane gives an overview of developments around open source and intellectual property over the last 20 years. We also learn about why OpenChain can be compared to shipping containers, and how organizations like the NSA have embraced Linux for secure US government operations. Guest: Shane Coughlan is a GM @linuxfoundation, advisor to the @worldmobilegroup, Assembly Member of @OpenForumEurope. He is an expert in communication, security, and business development. His professional accomplishments include   building the largest open source governance community in the world through the OpenChain Project  spearheading the licensing team that made Open Invention Network (OIN) the largest patent non-aggression community in history   establishing the first global network for open source legal experts.   Shane is a founder of both the first law journal and the first law book dedicated to open source. Currently – among other things – he leads the OpenChain Project.  Twitter: https://twitter.com/opendawn LinkedIn: https://www.linkedin.com/in/shanecoughlan/  Show Notes: Links www.openchainproject.org SAP Open Source Program Office https://developers.sap.com/open-source.html SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guests Ruben Koster and Beyhan Veli about Cloud Foundry, a platform-as-a-service offering for application developers. Ruben and Beyhan talk about their personal journey with Cloud Foundry, how it works, and how it relates to VMware, Pivotal, and SAP. We also learn about their run for Cloud Foundry’s Technical Oversight Committee and their future vision for the platform. Guests: Ruben Koster has been a Cloud Foundry and BOSH consultant for 8 years before he joined VMware in the spring of 2021. He comes from the Netherlands, works in Sweden, and is also an aspiring member of the TOC. Twitter: https://www.linkedin.com/in/rukoster/ LinkedIn: https://github.com/rkoster/ Beyhan Veli has been active in the CF community for over seven years. He started to contribute as a member of the BOSH team at SAP.A year ago, he took on a broader role at SAP and now also looks into other areas of CF and general topics from a Cloud Foundry application developer perspective. In the CF Community, Beyhan is the technical lead in the Foundational Infrastructure working group and an aspiring member of the TOC. Twitter: https://de.linkedin.com/in/beyhan-veli-791a093 Github: https://github.com/beyhan LinkedIn: https://twitter.com/beyhan Show Notes: 12 factor principles info cloudfoundry.org bosh.io TOC Slack channel Cloud Foundry Organization on GitHub SAP Open Source Program Office https://developers.sap.com/open-source.html SAP Open Source Twitter https://developers.sap.com/open-source.html SAP Open Source Twitter https://developers.sap.com/open-source.html SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, our host Karsten Hohage talks with our guests Volker Buzek and Peter Muessig about wdi5, an open-source end-to-end testing framework for UI5. Volker and Peter explain the history of wdi5, how to use it, and how it became a community project. We also learn about planned features of wdi5 and how to best get involved. Guests: Volker Buzek is an IT-Architect at j&s-soft GmbH with a focus on web-based and mobile architectures. He is also an SAP Mentor and the inventor of wdi5. Twitter: https://twitter.com/vobu LinkedIn: https://www.linkedin.com/in/volkerbuzek/ Peter Muessig has worked for SAP since 2005 and is an initial member of the Phoenix Project. Today, he is the Chief Development Architect for UI5 and focuses on its evolution. In his spare time, he is an active member of the UI5 open source community. Twitter: https://twitter.com/pmuessig LinkedIn: https://www.linkedin.com/in/peter-muessig-7b40576/ Show Notes: Blog post by Volker Buzek wdi5: https://github.com/ui5-community/wdi5 wdi5 documentation: https://ui5-community.github.io/wdi5 UI5 community: https://github.com/ui5-community https://www.js-soft.com/ https://openui5.org/ui5con/germany2022/ https://openui5.org https://sdk.openui5.org/ SAP Open Source Program Office https://developers.sap.com/open-source.html SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/