Xmirror is the latest Official OpenChain Partner

By Featured, News

Xmirror Security, a Chinese DevSecOps company, has joined the OpenChain Partner Program.  With a founding team specialized in network security technologies from Peking University, Xmirror Security is uniquely positioned to help clients secure the software supply chain.

From now on, Xmirror Security will support ISO 5230, the international standard for Open Source license compliance, and construct a healthy Open Source ecosystem and a trusted software supply chain in collaboration with other global corporations like Google, Microsoft and Meta.

“The OpenChain Project has been a contributor to the Open Source security ecosystem for a significant number of years,” says Shane Coughlan, OpenChain General Manager. “We seek to ensure trust in the supply chain, and our new partnership with XMIRROR will help to accelerate this mission in the Chinese market. We look forward to supporting companies of all sizes seeking excellence around the use of Open Source.”

Initiated by the Linux Foundation, OpenChain is a project that sets and maintains the international standard for Open Source license compliance, offering companies a more efficient way to achieve consistent Open Source license compliance. Currently, hundreds of major companies from multiple fields have joined OpenChain, building trust in Open Source among software supply chain stakeholders.

“Xmirror Security is glad to be an OpenChain partner and construct a more trusted and efficient Open Source supply chain and ecosystem together with the whole community,” says Ziya, Founder & CEO, Xmirror Security. “OpenChain shares our view of the Open Source supply chain security risks and challenges faced by corporations during digital transformation. To ‘manage Open Source risks through an Open Source solution’, we provide professional technical support and community service for corporations and developers through our Open Source SCA tool, OpenSCA. In the future, we will be hand in glove with not only OpenChain but also more Open Source partners to build up a more open, inventive and energetic Open Source community based on China software supply chain security and empower more users from diverse industries.”

More Commentary from Xmirror

While Open Source is gaining popularity in software development, the risk of Open Source component vulnerabilities and license compliance is also noteworthy. Focusing on integrated detection and defence against continuous threats in the DevSecOps software supply chain, with the two engines of code-vaccine and active defence technologies, our self-developed 3rd generation DevSecOps AI-Adaptive Threat Management System includes integrated development and operation agile security products covering pivotal areas from threat modelling, Open Source management, threat revealing and threat simulation to detection and response, together with software supply chain security services characterized by actual attack and defence confrontation. Thousands of corporations have embraced our solution for an efficient software supply chain.

Moreover, owing to its leading ability to detect Open Source application vulnerabilities, OpenSCA has been recognized as one of the most Valuable Open Source Projects on Gitee.

We attach great importance to cooperating with other organizations relevant to Open Source and the software supply chain. Apart from joining OpenChain, we’ve been selected as one of the first members of the Trustworthy Open Source Compliance and Software Supply Chain Security Lab launched by CAICT. Committed to the original aspiration and mission of defending software supply chain security, Xmirror Security will actively participate in the joint contribution to the Open Source ecosystem.

About Xmirror Security

The Xmirror Security founding team originated from the white hat hacker team of Peking University. Through years of accumulating key offensive and defensive confrontation technologies and cutting-edge technologies such as deep learning, the founding team has creatively developed an intelligent adaptive threat management system for the new generation of the DevSecOps IT strategic framework, backed by top offensive and defensive combat experience. It can secure the full software supply chain life cycle, raise the defensive level of real business with intelligent automatic attack technology, and empower government and enterprise organizations to achieve security self-adaptation and self-growth.

OpenChain Korea Work Group Meeting #14 – Recordings

By Featured, News

The recordings from the recent Korea Work Group Meeting #14 are now available on their local website. Check them out here:

You will find material covering the global project activities, local activities, SFC vs Vizio analysis and an overview from FOSSID.

You can subscribe to the Korea Work Group mailing list here and keep up with all their activities:

OpenChain IP Summit Survey Results

By Featured, News

Ahead of the results of the main OpenChain Industry Survey 2022, we wanted to share the results of an earlier survey we held at the OpenChain IP Summit. We have twelve responses (around 22% of the audience).

These results include some interesting insights into company focus and evolution, SBOM, OSPO/SCA collaboration, and the use of tooling.

Check the results out below.

Main interest:
33% Copyright
0% Patents
67% Copyright and Patents

Was this event directly relevant to your work?
100% Yes

Is tooling (automation) something critical to your work?
92% Yes
8% No

Is the use of SBOM a reality for your supply chain today?
67% Yes
17% No
17% Partially

Does your OSPO collaborate closely with your SCA team?
67% Yes
0% No
25% Not Applicable

Do you collaborate with other companies to share SCA, SBOM or tooling approaches?
25% Yes
33% No
42% To a limited extent

OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

By News

How we work:
As always, anyone is welcome; it is not required that you are part of the list or a member of OpenChain, nor, for that matter, that you identify as a Telco company. Feel free to invite those you think would benefit from participating.

Information about the May meeting of the Telco Group (not much activity, thus the lack of MoMs).
A first look at the “draft specification”.
Trademark discussion.
Discussion of a possible F2F get-together.

Dial-In details below.

The Telco group meets the first Thursday of each month, our meeting cadence can be found here:

Our charter and work program can be found here:

Dial-In Information:
Meeting ID: 4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

One tap mobile:

+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)
+13462487799,,4377592799# US (Houston)
+16465588656,,4377592799# US (New York)
+16699006833,,4377592799# US (San Jose)
+12532158782,,4377592799# US (Tacoma)
+18773690926,,4377592799# US
+18558801246,,4377592799# US
+14388097799,,4377592799# Canada
+15873281099,,4377592799# Canada
+16473744685,,4377592799# Canada
+16475580588,,4377592799# Canada
+17789072071,,4377592799# Canada
+12042727920,,4377592799# Canada
+18557038985,,4377592799# Canada

Dial by your location:

+1 3017158592 US (Washington DC)

+1 3126266799 US (Chicago)

+1 3462487799 US (Houston)

+1 6465588656 US (New York)

+1 6699006833 US (San Jose)

+1 2532158782 US (Tacoma)

+1 8773690926 US

+1 8558801246 US

+1 4388097799 Canada

+1 5873281099 Canada

+1 6473744685 Canada

+1 6475580588 Canada

+1 7789072071 Canada

+1 2042727920 Canada

+1 8557038985 Canada

Find your local number:

SECTREND is the Latest OpenChain Partner

By Featured, News

SECTREND, a Chinese company providing SCA services, is the latest company to join the OpenChain Partner community. As a leading vendor inside the Chinese market, their engagement marks another important step in ensuring freedom of choice around tooling for license compliance, security and other matters.

“We are thrilled to join OpenChain with other participating members around the globe in the open source landscape,” says Alex Xue, Founder & CEO, SECTREND. “Since 2016, OpenChain has been innate to providing companies of all sizes in all markets a trusted and consistently compliant open source supply chain. SECTREND, together with OpenChain, will provide the open source community with a plethora of contributions pertaining to tooling, training, research, best practices and consulting. The collaborative DNA of the open source community and the OpenChain project will enable us to leverage the best-in-class resources from peers in all industries. We believe that such engagement and involvement will make the software supply chain more secure and reliable.”

“China is the largest single market in the world in terms of population, and the single most important part of the global supply chain,” says Shane Coughlan, OpenChain General Manager. “SECTREND represents the evolution of local leadership around open source. Adjacent to shipping products there is the need to continually refine processes in their support. SCA has been an essential part of this at the opening of our decade and it will remain pivotal in the years ahead.”

Learn More About SECTREND

External: CAICT Releases Open Source Compliance Guidelines (中文 / Chinese)

By Featured, News

Sometimes people worry that open source compliance is going to be difficult or expensive. This is a valid concern but it is also one we can quickly address. Open source has been used commercially for decades. All the expensive learning has been completed around licensing, and it is being shared by organizations around the world. After all, our goal is contribution, and cheap, effective compliance is part of that.

This guide from CAICT contains some open source compliance guidelines to help you get started. Think of it as a lighthouse to help guide your journey. The experience contained here will save you time and money. Most importantly, it will open more doors (and more code) to accelerate your products and your innovation.

— Shane Coughlan, OpenChain General Manager

Learn More and Get the Guide: