Open Source Tooling for Open Source Compliance

What we do

We are building an end-to-end automated open source compliance toolchain ecosystem with open source tools as an open source project. To accomplish this we:

• use existing independent tooling projects, the tools itself remain independent projects with their own set up
• provide reference workflows to allow their adoption
• develop the concepts to ensure easy interoperability and integration in existing environments
• define together with the tooling projects the required API specifications and data model which are required to orchestrate the tools to form an end to end toolchain
• develop glue code and test cases to combine the tools to end-to-end toolchains

Although the current focus is on license compliance we are also considering:

• Security
• ECC (Export Control and Customs)
• Quality metrics

at a later stage

How we build the open source compliance toolchain

We are developing this via an open source project because there is no "one fits all solution". The only way to satisfy the different needs and requirements is to involve all different stakeholders of, in the ideal case, all organzistions which exist, no matter whether it is an individual, a NGO, a part of the public administration, a university or a company. Everybody is welcome to contribute to this project no matter whether it is a concept, a workflow or any other documentation, code, API or test case. Please check our project charter to learn more about how we operate, our code of conduct and how to contribute to the project

Why we are doing it

It is our belief that Open Source license compliance toolchains has to be Open Source itself. Because this is the only way to provide the required transparency and flexibility to integrate the toolchains in an existing environment as well as being able to adopt to new technologies or new needs. We are convinced that such toolchains need to be fully and seamlessly integrated in the CI/CD workflows, since technology is changing faster than ever - the only way to cope with this is the open source approach. We want that everybody has full transparency about the software products (products in an abstract sense) this can only be achieved with a 100% open source approach. Last but not least open source is the only way to provide a sustainable solution.

How to get involved

The most easiest way is to join one or more of our communication channels:

• Mailing list: [email protected]
• Mailing list subscription page
• Slack channel
• Online meetings : Bi-weekly - Invitations are sent to the mailing list
• In person meetings : 3-4 times a year - Announcements are sent to the mailing list - due to the current COVID situation in person meeting will not take place

Projects we align with

• ACT
• ClearlyDefined
• Double open
• OpenChain
• Open Compliance Program
• Open Source License Checklists by OSADL eG
• Open Source License Compliance Handbook provided by FINOS Foundation
• Reuse project run by the Free Software Foundation Europe