The OpenChain Project helps to identify and share the core components of a high quality open source compliance program. OpenChain builds trust in Open Source by making things simpler, more efficient and more consistent. It is the industry-standard for managing Open Source compliance across the supply chain.

Where Can I Find A Formal Description Of The Project?

The Project Charter (PDF)

What Does The Project Contain?

Our Specification creates trust between organizations. Our Conformance allows new organizations to join the circle of trust. Our Curriculum supports implementation by entities of any size. The result is that Open Source becomes predictable, understandable and optimized for internal and external supply chains of any type.

Who Conforms To The Specification?

We maintain a list of organizations that have a publicly announced OpenChain Conformant Program. Due to the nature of the OpenChain Specification as a supply chain standard, primarily focused on the relationship between suppliers and purchasers, there may be a number of organizations that are conformant without public announcement.

How Is The Project Organized?

The OpenChain Project has four work teams that anyone can contribute to:

  1. Specification Work Team – identifies and publishes a set of core requirements a quality FOSS compliance program should satisfy.
  2. Curriculum Work Team – provides training material to help companies meeting the Specification education requirements.
  3. Conformance Work Team – helps companies check that they are adhering to the Specification requirements.
  4. Onboarding Work Team – creates overview information to make it easy to explain and understand the OpenChain Project.

There are three committees for member companies:

  1. Governing Board – Manage policies or rules and procedures for the Project, fund raising, budgeting and so forth.
  2. Steering Committee – Development, management and updating of the OpenChain Compliance Specification.
  3. Outreach Committee – Designing, developing and executing efforts to build an OpenChain compliance ecosystem throughout relevant supply chains in collaboration with the Governing Board.

How Does It Related To CII Best Practices?

OpenChain and the CII Best Practices are both Linux Foundation initiatives that identify FOSS process quality criteria. OpenChain focuses on i) improving compliance programs within organizations that use FOSS from different projects in their solutions and ii) the process for contributing back. In contrast, the CII best practices badge focuses on criteria for well-run FOSS projects themselves. See the CII Best Practices website if you are interested in getting a CII Best Practices badge.

Learn More About Specific Parts Of OpenChain

Specification FAQ

Conformance FAQ

Curriculum FAQ