Open Source Tooling for Open Source Compliance
News
Projects and Tools new to the list of OSS-Based-License-Compliance-Tools
- OSSelot: OSSelot is the Open Source curation database. The curated data are available on the corresponding GitHub repo.
- DejaCode: Automate open source license compliance and ensure software supply chain integrity.
Upcoming Events
- There will be a Fringe Event about OSS compliance and security tools on 2nd of Feb 2024
- There will be a SBOM devroom at FOSDEM'24 on Sunday 4th of Feb
Introduction
A Single Focus
This work group is focused on reducing resource costs and improving the quality of results around open source compliance activities. The work group uses open source principles to accomplish this. It is a meritocracy producing real-world solutions for real-world challenges, and it shares results with all interested parties.
- We are making turn-key Open Source tooling for Open Source Compliance
- We are considering what open data database(s) can support this
- We plan to work with existing projects to make this happen (Bang, FOSSology, ORT, ScanCode, SPDX, sw360, SW360antenna, Tern and the online data from SW Heritage and ClearlyDefined)
This activity is part of the OpenChain Project. Here is a brief description of the hierarchy:
- The OpenChain Project maintains the standard for open source compliance in the supply chain. It also provides reference material and collaborative activities in this field.
- The OpenChain Project has various Work Groups where volunteers work on specific compliance challenges. Some Work Groups like Automotive and Tooling are global, some like the Japan Work Group are local.
- The OpenChain Project Tooling Work Group is using the Sharing Creates Value GitHub Repository and OSS Compliance Tooling mailing list to coordinate activity around open source compliance tooling.
In a Nutshell
Our goal is to provide OSS compliance reference toolchains licensed under an OSS compliant license.
You can learn more on our GitHub space.