Open source compliance practices are important — whether you’re developing and contributing to an open source project, or using open source as part of your own product or service. Open source compliance is your responsibility, in exchange for — and out of respect for — all the great freedoms and benefits from the software that the community has made available to you.

Resources

Compliance Process
A general approach for how to think about and tackle open source license compliance.

Developer FAQ
Addresses many questions relating to open source compliance.

Compliance Dictionary
Defines terms that you’ll encounter as you dive deeper into open source compliance.

Basics for Developers
Free training course goes much deeper into open source compliance matters.

Projects
Deep dive into compliance matters specific to open source project development.

Organizations
Deep dive into compliance matters specific to organizations who use open source.

Tools

FOSSology
FOSSology
is an open source web-based toolkit with scanners for licenses, copyright notices, export control matters and more. (repo)

Standards

OpenChain
OpenChain builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. OpenChain Conformance allows organizations to display their adherence to these requirements. The OpenChain Curriculum supports this process by providing extensive reference material for effective open source training and management. The result is that open source license compliance becomes more predictable, understandable and efficient for all participants in the software supply chain. Find out more on the OpenChain homepage.

SPDX
SPDX
, the Software Package Data Exchange project, is developing ways for humans and machines to communicate software composition information, including security vulnerabilities, licenses, copyrights and more. Check out and join us in developing: