fossa-cli VS conductor

> where we provide lockfiles that are individually valid

Providing lockfiles is a really interesting idea! That certainly solves the "we need your non-deterministic build tool to reproduce an exact build that we found" problem.

We haven't explored this route yet because a lot of our customers use tools that don't support lockfiles (e.g. Maven - Java in general has a lot of legacy stuff).

If you want to build off of our work, our dependency analysis bit is open source: https://github.com/fossas/fossa-cli

FOSSA | Software Engineers (Mid, Sr., Staff), PMs (Mid, Sr.) | USA, Canada, Remote (able to work ~US time zone hours)| Full-Time

FOSSA builds developer tools to help engineering teams manage their open source. We help enterprise customers discover legal (licensing and copyright) and security (vulnerabilities) risks in their dependencies, provide tooling for them to catch these issues in CI, and automate the tedium around policy enforcement and report generation. As companies adopt more open source, their engineering teams get bogged down by more distractions around compliance and security. We help automate away those distractions.

We build an open-source CLI tool (https://github.com/fossas/fossa-cli) that integrates with compilers and build systems to extract dependency and build information; a backend distributed system for analyzing dependency metadata; and a web application with a policy, reporting, and enforcement engine.

Tech we use includes:

The project I'm trying to build is open source (https://github.com/fossas/fossa-cli). When I got this new system set up, I ran the instructions on our HACKING.md page and immediately tried to build. This failed because I didn't have `llvm` installed, so I `brew install llvm`'d, symlinked into `$PATH`, and tried again. This failed due to: ``` install_name_tool: error: unsupported load command (cmd=0x80000034) `install_name_tool' failed in phase `Install Name Tool'. (Exit code: 1)

We celebrated a remarkable milestone in September when the Netflix Conductor GitHub repository reached 10k stars. It was a momentous achievement for our DevRel team. Just a month later, we're thrilled to announce that we've surpassed 12k stars! ⭐🎉

Also, don’t forget to give us a ⭐ on our Netflix Conductor repo.

One of my favorite workflow engines that has a really simple way to do things was not listed here, so I'll call it out - Netflix Conductor (https://github.com/Netflix/conductor).

Its capabilities comes to light when you model really complex workflows and one real value is how its all very visual not just during modeling but when running it. The history remains visible and you can even see how the whole flow evolved.

Yet another significant milestone on our journey: we've proudly reached the 10,000-star mark on our Netflix Conductor GitHub repository! 🌟

Give something like https://github.com/Netflix/conductor a try to solve this -- makes it very easy to do what you are trying to achieve.

Checkout Conductor https://github.com/Netflix/conductor which is far more scalable and easy on the resources with its own Celery like queues. Fully supports writing task workers in python: