
This page highlights compliance tools developed by or sponsored by The Linux Foundation and encourages community involvement in the tools’ evolution.

FOSSology
FOSSology is an open source license compliance software system and toolkit. As a toolkit, it lets you run license, copyright and export control scans from the command line. As a system, it provides a database and web UI to give you a compliance workflow. In one click you can generate an SPDX file, or a ReadMe with the copyright notices from your software. FOSSology deduplication means that you can scan an entire distro, submit a new version, and only the changed files will get rescanned. This is a big time saver for large projects.

SPDX
The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. The SPDX Tools provide translation, comparison, and verification functionality.

FOSS Bar Code Tracker
The FOSS Bar Code Tracker, available under the MIT license, simplifies the way FOSS components are tracked and reported in a commercial product. The tool allows companies to easily generate a custom QR code for each product containing FOSS. The QR code contains important information on the FOSS stack contained in a product, such as component names, version numbers, license information and links to download the source code, among other details.

Dependency Checker
Initiated by the Linux Foundation as an open source project, this tool identifies source code combinations at the dynamic and static link levels and provides a license policy framework that enables FOSS Compliance Officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.

Code Janitor
Initiated by the Linux Foundation as an open source project, the Code Janitor tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mentions of competitors, etc. The tool maintains a database of keywords that are scanned for in the source code files to ensure source code comments are sanitized and ready for public consumption.