A general approach for how to think about and tackle open source license compliance.
Defines terms that you’ll encounter as you dive deeper into open source compliance.
Standards Used In Compliance
OpenChain is the ISO/IEC International Standard for Open Source Compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard. Find out more on the OpenChain homepage.
SPDX, the Software Package Data Exchange project, is developing ways for humans and machines to communicate software composition information, including security vulnerabilities, licenses, copyrights and more. Check out and join us in developing:
Open Tooling Used In Compliance
And so many, many more. You can start exploring all the options through the OpenChain Reference Tooling Work Group, which created a dedicated site.