OPENCHAIN PROJECT

Identifying common best practices in compliance programs that should be applied across a supply chain for efficient and effective compliance with open source licenses

WHAT IS OPENCHAIN

OpenChain was created to address FOSS-related friction points in the software supply chain. The focus of OpenChain today is helping to prevent companies from redundantly recreating compliance work that upstream companies have already done or should have done.

  • The vision for the project is to enable a software supply chain where free/open source software (FOSS) is delivered with trusted and consistent compliance information.
  • The mission is to establish requirements to achieve effective management of free/open source software (FOSS) for software supply chain participants, such that the requirements and associated collateral are developed collaboratively and openly by representatives from the software supply chain, open source community, and academia.

The OpenChain Conformance Specification 1.0 defines a common set of requirements and best practice for open source organizations to follow in an attempt to encourage an ecosystem of open source software compliance.

Supporting organizations include: Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.

This project would not have been possible without the valuable sharing of expertise and knowledge by our many community members. In particular, the contributions of Gary O’Neall (Source Auditor), Miriam Ballhausen (Lumesse), Shane Coughlan (Opendawn) and Catharina Maracke are much appreciated.
