As 2024 draws to a close, it’s time to reflect on a transformative year for the ClearlyDefined project. From technical advancements to community growth, this year has been nothing short of extraordinary. Here’s a recap of our key milestones and how we’ve continued to bring clarity to the Open Source ecosystem.

Read more: https://opensource.org/blog/clearlydefined-2024-in-review-milestones-growth-and-community-impact

We are excited to announce the release of ClearlyDefined v2.0 which adds over 2,000 new well-known licenses it can identify. You can see the complete list of new non-SPDX licenses in ScanCode LicenseDB.

Read more: https://opensource.org/blog/clearlydefined-v2-0-adds-support-for-licenserefs

The Open Source Initiative in collaboration with GitHub and SAP presented ClearlyDefined at SOSS Fusion.

Read more: https://opensource.org/blog/clearlydefined-at-soss-fusion-2024-a-collaborative-solution-to-open-source-license-compliance

We are excited to announce the newly elected leaders for the ClearlyDefined Steering and Outreach Committees!

Read more: https://opensource.org/blog/clearlydefineds-steering-and-outreach-committees-defined

In 2018, SAP began its engagement with ClearlyDefined, and has since become an integral part of SAP’s internal Free and Open Source (FOSS) compliance process, aiding in the acquisition of important package metadata required for risk evaluation.

Read more: https://opensource.net/clearlydefined-at-sap/

The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations to achieve better compliance and security of their software supply chain.

Read more: https://opensource.org/blog/guac-adopts-license-metadata-from-clearlydefined

ClearlyDefined, an Open Source project that helps organizations with supply chain compliance, now provides a new harvester implementation for conda, a popular package manager with a large collection of pre-built packages for various domains, including data science, machine learning, scientific computing and more.

Read more: https://opensource.org/blog/better-identifying-conda-packages-with-clearlydefined

ClearlyDefined now supports non-SPDX licenses. Scancode already provides this functionality and it offers mapping from these non-SPDX licenses to the SPDX LicenseRef. Organizations using ClearlyDefined now have the option to decide how to handle non-SPDX licenses based on their own needs.

Read more: https://opensource.org/blog/beyond-spdx-expanding-licenses-identified-by-clearlydefined

With all the buzz around SBOMs and Open Source supply chain compliance and security, a new revolution is igniting at ClearlyDefined. This amazing project has been flying under the radar since its inception six years ago, but now this free service and open source project from the Open Source Initiative (OSI) gets cleared for takeoff with the launch of a new website focused on stellar documentation, excellent engineering, and healthy community growth.

Read more: https://opensource.org/blog/unveiling-clearlydefined-this-free-sbom-service-gets-cleared-for-takeoff

As a community manager, I find FOSS Backstage to be one of my favorite conferences content-wise and community-wise. This is a conference that happens every year in Berlin, usually in early March. It’s a great opportunity to meet community leaders from Europe and across the world with the goal of fostering discussions around three complementary perspectives: a) community health and growth, b) project governance and sustainability, and c) supply chain compliance and security.

Read more: https://opensource.org/blog/three-perspectives-from-foss-backstage