Open source compliance is important. This applies whether you are working on an open source project or including open source as part of a product or service. Open source compliance is your responsibility in exchange for the freedom and benefit obtained from this licensing model. Meeting this responsibility is well-understood and well-supported across our global community. The Linux Foundation can help you start your journey.

Resources

Compliance Process
A general approach for how to think about and tackle open source license compliance.

Developer FAQ
Addresses many questions relating to open source compliance.

Compliance Dictionary
Defines terms that you’ll encounter as you dive deeper into open source compliance.

Basics for Developers
A free training course that goes much deeper into open source compliance matters.

Projects
Deep dive into compliance matters specific to open source project development.

Organizations
Deep dive into compliance matters specific to organizations who use open source.

Standards Used In Compliance

OpenChain
OpenChain is the ISO/IEC International Standard for Open Source Compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard. Find out more on the OpenChain homepage.

SPDX
SPDX, the Software Package Data Exchange project, is developing ways for humans and machines to communicate software composition information, including security vulnerabilities, licenses, copyrights and more. Check out and join us in developing:

Open Tooling Used In Compliance

FOSSology
FOSSology is an open source web-based toolkit with scanners for licenses, copyright notices, export control matters and more. (repo)

And so many, many more. You can start exploring all the options through the OpenChain Reference Tooling Work Group, which created a dedicated site.