Apply for sandbox stage for project: Gemara (FKA - SCI) (#479)

trumant · lehors · web-flow · commit 1049f5b1098e · 2025-06-13T15:06:30.000-04:00
* Apply for sandbox stage for project: SCI

The ORBIT WG would like to create a new technical initiative: currently named SCI

Signed-off-by: Travis Truman &lt;trumant@gmail.com&gt;

* clarify project renaming outcome if approved

Signed-off-by: Travis Truman &lt;trumant@gmail.com&gt;

* Update gemara_sandbox_stage.md

Co-authored-by: Arnaud J Le Hors &lt;lehors@us.ibm.com&gt;
Signed-off-by: Travis Truman &lt;trumant@gmail.com&gt;

* Update gemara_sandbox_stage.md

Co-authored-by: Arnaud J Le Hors &lt;lehors@us.ibm.com&gt;
Signed-off-by: Travis Truman &lt;trumant@gmail.com&gt;

---------

Signed-off-by: Travis Truman &lt;trumant@gmail.com&gt;
Co-authored-by: Arnaud J Le Hors &lt;lehors@us.ibm.com&gt;
diff --git a/process/project-lifecycle-documents/gemara_sandbox_stage.md b/process/project-lifecycle-documents/gemara_sandbox_stage.md
@@ -0,0 +1,46 @@
+## Application for creating a new project at Sandbox stage
+
+### List of project maintainers
+
+The project has [4 maintainers](https://github.com/revanite-io/sci/graphs/contributors) from 4 different organizations:
+
+* Eddie Knight, Sonatype, @eddie-knight
+* Travis Truman, Independent, @trumant
+* Jason Meridth, GitHub, @jmeridth
+* Alex Speasmaker, USAA, @speas038
+
+And one contributor, from a fifth organization:
+
+* Jennifer Power, RedHat, @jpower432
+
+### Sponsor
+
+Most projects will report to an existing OpenSSF Working Group, although in some cases a project may report directly to the TAC. The project commits to providing quarterly updates on progress to the group they report to.
+
+* [ORBIT WG](https://github.com/ossf/wg-orbit)
+
+### Mission of the project
+
+The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be initial code needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project.
+
+* Gemara, currently named "Simplified Compliance Infrastructure (SCI)", is a collection of schema describing data interchange formats for security and compliance activities and a Golang module for producing and consuming data conforming to these formats. The project's mission is to serve as a unifying, integration format between tools and applications that operate in the security and compliance space. SCI is currently used to model the catalog of compliance controls in the OSPS Baseline and in the FINOS Common Cloud Controls and is expected to be adopted by additional tools like darn/darnit, oscal-tempest, etc.
+
+**_NOTE: due to a naming collision with the existing OpenSSF Supply Chain Integrity WG, if this project is granted Sandbox phase status, it will be renamed Gemara._**
+
+### IP policy and licensing due diligence
+
+When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF).
+
+  * Gemara is currently licensed under the Apache 2.0 License and requires DCO signoff from all contributors
+  * We will initiate this process shortly.
+  
+### Project References
+
+The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project.
+
+| Reference           | URL |
+|---------------------|-----|
+| Repo                | https://github.com/revanite-io/sci |
+| Website             | https://www.revanite.io/sci |
+| Contributing guide  | https://github.com/revanite-io/sci/blob/main/CONTRIBUTING.md |
+| Security.md         | Once approved for Sandbox phase, we intend to adopt https://github.com/ossf/wg-orbit/blob/main/SECURITY.md |
