26 days ago · Tech

You’re about to ship a product. Legal asks for the third-party notices, so you generate an SBOM, and half the dependencies come back as NOASSERTION. You can’t put that in a NOTICE file, and legal won’t sign off on it. I’ve spent a lot of late nights writing those files by hand, so this is the talk I gave about the project that saves me from most of them: ClearlyDefined.
