Open Source Tooling for Open Source Compliance
What we do
We are building an end-to-end automated open source compliance toolchain ecosystem with open source tools as an open source project. To accomplish this we:
- use existing independent tooling projects; the tools themselves remain independent projects with their own setup
- provide reference workflows to allow their adoption
- develop the concepts to ensure easy interoperability and integration in existing environments
- define, together with the tooling projects, the API specifications and data model required to orchestrate the tools into an end-to-end toolchain
- develop glue code and test cases to combine the tools into end-to-end toolchains
Although the current focus is on license compliance, we are also considering the following at a later stage:
- Security
- ECC (Export Control and Customs)
- Quality metrics
How we build the open source compliance toolchain
We are developing this as an open source project because there is no "one-size-fits-all" solution. The only way to satisfy the different needs and requirements is to involve all the different stakeholders from, in the ideal case, all organizations that exist, no matter whether it is an individual, an NGO, a part of the public administration, a university or a company. Everybody is welcome to contribute to this project, no matter whether it is a concept, a workflow or any other documentation, code, API or test case. Please check our project charter to learn more about how we operate, our code of conduct and how to contribute to the project.
Why we are doing it
It is our belief that Open Source license compliance toolchains have to be Open Source themselves, because this is the only way to provide the transparency and flexibility required to integrate the toolchains into an existing environment and to adapt to new technologies or new needs. We are convinced that such toolchains need to be fully and seamlessly integrated into CI/CD workflows. Since technology is changing faster than ever, the only way to cope with this is the open source approach. We want everybody to have full transparency about the software products (products in an abstract sense); this can only be achieved with a 100% open source approach. Last but not least, open source is the only way to provide a sustainable solution.
How to get involved
The easiest way is to join one or more of our communication channels:
- Mailing list: oss-based-compliance-tooling@groups.io
- Mailing list subscription page
- Slack channel
- Online meetings: bi-weekly - invitations are sent to the mailing list
- In-person meetings: 3-4 times a year - announcements are sent to the mailing list - due to the current COVID situation, in-person meetings will not take place