Shane Coughlan edited this page Aug 26, 2019 · 22 revisions

Open Source Tooling for Open Source Compliance

A Single Focus

This work group is focused on reducing resource costs and improving the quality of results around open source compliance activities. The work group uses open source principles to accomplish this. It is a meritocracy producing real-world solutions for real-world challenges, and it shares results with all interested parties.

  • We are making turn-key Open Source tooling for Open Source Compliance
  • We are considering what open data database(s) can support this
  • We plan to work with existing projects to make this happen (FOSSology, ScanCode, Software Heritage, SPDX, sw360, sw360antenna, ClearlyDefined)

Our communication channels

You can jump right in by joining our mailing list:

You are also welcome to join our Slack channel:

Our Meeting Minutes

Defining Our Areas of Work

  • This project works on open source tooling for automation and CI/CD around open source compliance
  • We are particularly interested in the deployment of such tooling:
    • in support of OpenChain, the industry standard for open source compliance
    • configured in a way that can be adopted and deployed by supplier companies of any size and in any market

From a high level, OpenChain identifies the key requirements of a quality open source compliance program in its specification. It provides extensive reference material for effective open source training and management, and certification options for organizations to show they meet these requirements. However, it outlines process inflection points, not the context of each process. We are seeking to support this initiative by delivering a robust reference automation solution for checking inbound, internal development and outbound software for open source components.

Projects We Align With

Background Context: Setting the Stage

Background Context: Reference Slide Decks
