
This repo realizes the idea that OSS compliance activities will be less expensive by applying OSS principles





Open Source Tooling for Open Source Compliance


What we do

We are building an end-to-end automated open source compliance toolchain ecosystem with open source tools as an open source project. To accomplish this we:

  • use existing independent tooling projects; the tools themselves remain independent projects with their own setup
  • provide reference workflows to allow their adoption
  • develop the concepts to ensure easy interoperability and integration in existing environments
  • define, together with the tooling projects, the API specifications and data model required to orchestrate the tools into an end-to-end toolchain
  • develop glue code and test cases to combine the tools into end-to-end toolchains

Although the current focus is on license compliance, we are also considering the following at a later stage:

  • Security
  • ECC (Export Control and Customs)
  • Quality metrics

How we build the open source compliance toolchain

We are developing this as an open source project because there is no "one size fits all" solution. The only way to satisfy the different needs and requirements is to involve all the different stakeholders from, ideally, every organization that exists, whether it is an individual, an NGO, a part of the public administration, a university or a company. Everybody is welcome to contribute to this project, whether with a concept, a workflow or any other documentation, code, API or test case. Please check our project charter to learn more about how we operate, our code of conduct and how to contribute to the project.

Why we are doing it

It is our belief that open source license compliance toolchains have to be open source themselves, because this is the only way to provide the transparency and flexibility required to integrate the toolchains into an existing environment and to adapt to new technologies or new needs. We are convinced that such toolchains need to be fully and seamlessly integrated into CI/CD workflows, since technology is changing faster than ever; the only way to cope with this is the open source approach. We want everybody to have full transparency about the software products (products in an abstract sense); this can only be achieved with a 100% open source approach. Last but not least, open source is the only way to provide a sustainable solution.

How to get involved

The easiest way is to join one or more of our communication channels:

Projects we align with

