Shane Coughlan edited this page Aug 1, 2019 · 22 revisions

Open Source Tooling for Open Source Compliance

A Single Focus

This work group is focused on reducing resource costs and improving the quality of results around open source compliance activities. The work group uses open source principles to accomplish this. It is a meritocracy producing real-world solutions for real-world challenges, and it shares results with all interested parties.

  • We are making turn-key Open Source tooling for Open Source Compliance
  • We are considering what open data database(s) can support this
  • We plan to work with existing projects to make this happen (FOSSology, Software Heritage, SPDX, sw360, ClearlyDefined)

This activity is part of the OpenChain Project. Here is a brief description of the hierarchy:

  • The OpenChain Project (www.openchainproject.org) maintains the standard for open source compliance in the supply chain. It also provides reference material and collaborative activities in this field.
    • The OpenChain Project has various Work Groups where volunteers work on specific compliance challenges. Some Work Groups like Automotive and Tooling are global, some like the Japan Work Group are local.
      • The OpenChain Project Tooling Work Group is using the Sharing Creates Value GitHub Repository and OSS Compliance Tooling mailing list to coordinate activity around open source compliance tooling.

Our Mailing List

You can jump right in by joining our mailing list:

Our Meeting Minutes

Defining Our Areas of Work

  • This project works on open source tooling for automation and CI/CD around open source compliance
  • We are particularly interested in the deployment of such tooling:
    • in support of OpenChain, the industry standard for open source compliance
    • configured in a way that can be adopted and deployed by supplier companies of any size and in any market

From a high level, OpenChain identifies the key requirements of a quality open source compliance program in its specification. It provides extensive reference material for effective open source training and management, as well as certification options for organizations to show they meet these requirements. However, it outlines process inflection points, not the context of each process. We are seeking to support this initiative by delivering a robust reference automation solution for checking inbound, internal development and outbound software for open source components.

Projects We Align With

Background Context: Setting the Stage

Background Context: Reference Slide Decks
