Home
This work group is focused on reducing resource costs and improving the quality of results around open source compliance activities. The work group uses open source principles to accomplish this. It is a meritocracy producing real-world solutions for real-world challenges, and it shares results with all interested parties.
- We are making turn-key Open Source tooling for Open Source Compliance
- We are considering what open data database(s) can support this
- We plan to work with existing projects to make this happen (FOSSology, OSS Review Toolkit, ScanCode, Software Heritage, SPDX, sw360, ClearlyDefined)
You can jump right in by joining our mailing list:
- Subscription page: https://groups.io/g/oss-based-compliance-tooling
- Email address: [email protected]
You are also welcome to join our Slack channel:
Note that we agreed that meetings held in person are under the Chatham House Rule.
- This project works on open source tooling for automation and CI/CD around open source compliance
- We are particularly interested in the deployment of such tooling:
  - in support of OpenChain, the industry standard for open source compliance
  - configured in a way that can be adopted and deployed by supplier companies of any size and in any market
From a high level, OpenChain identifies the key requirements of a quality open source compliance program in its specification. It provides extensive reference material for effective open source training and management, as well as certification options for organizations to show they meet these requirements. However, it outlines process inflection points, not the context of each process. We are seeking to support this initiative by delivering a robust reference automation solution for checking inbound, internal development and outbound software for open source components.