
GUAC adopts license metadata from ClearlyDefined

Nick Vidal
Community Manager at Open Source Initiative

The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations to achieve better compliance and security of their software supply chain.

Read more: https://opensource.org/blog/guac-adopts-license-metadata-from-clearlydefined

Better identifying conda packages with ClearlyDefined

Nick Vidal
Community Manager at Open Source Initiative

ClearlyDefined, an Open Source project that helps organizations with supply chain compliance, now provides a new harvester implementation for conda, a popular package manager with a large collection of pre-built packages for various domains, including data science, machine learning, scientific computing and more.

Read more: https://opensource.org/blog/better-identifying-conda-packages-with-clearlydefined

Beyond SPDX, expanding licenses identified by ClearlyDefined

Nick Vidal
Community Manager at Open Source Initiative

ClearlyDefined now supports non-SPDX licenses. ScanCode already provides this functionality, and it offers a mapping from these non-SPDX licenses to the SPDX LicenseRef. Organizations using ClearlyDefined now have the option to decide how to handle non-SPDX licenses based on their own needs.

Read more: https://opensource.org/blog/beyond-spdx-expanding-licenses-identified-by-clearlydefined

Unveiling ClearlyDefined, this free SBOM service gets cleared for takeoff

Nick Vidal
Community Manager at Open Source Initiative

With all the buzz around SBOMs and Open Source supply chain compliance and security, a new revolution is igniting at ClearlyDefined. This amazing project has been flying under the radar since its inception six years ago, but now this free service and open source project from the Open Source Initiative (OSI) gets cleared for takeoff with the launch of a new website focused on stellar documentation, excellent engineering, and healthy community growth.

Read more: https://opensource.org/blog/unveiling-clearlydefined-this-free-sbom-service-gets-cleared-for-takeoff

Three perspectives from FOSS Backstage

Nick Vidal
Community Manager at Open Source Initiative

As a community manager, I find FOSS Backstage to be one of my favorite conferences content-wise and community-wise. This is a conference that happens every year in Berlin, usually in early March. It’s a great opportunity to meet community leaders from Europe and across the world with the goal of fostering discussions around three complementary perspectives: a) community health and growth, b) project governance and sustainability, and c) supply chain compliance and security.

Read more: https://opensource.org/blog/three-perspectives-from-foss-backstage

ClearlyDefined at the ORT Community Days

Nick Vidal
Community Manager at Open Source Initiative

Once again, Bosch’s campus in Berlin hosted ORT Community Days, the annual event organized by the OSS Review Toolkit (ORT) community. ORT is an Open Source suite of tools to automate software compliance checks.

The ClearlyDefined community had an important presence at the event, represented by E. Lynette Rayle and Lukas Spieß from GitHub and Qing Tomlinson from SAP. I had the pleasure of representing the Open Source Initiative as the community manager for ClearlyDefined. The mission of ClearlyDefined is to crowdsource a global database of licensing metadata for every software component ever published. We see the ORT community as an important partner towards achieving this mission.

Read more: https://opensource.org/blog/clearlydefined-at-the-ort-community-days

ClearlyDefined, recapping a year of progress and sharing a vision for 2024

Nick Vidal
Community Manager at Open Source Initiative

At the beginning of 2023, I started as a community manager for ClearlyDefined, with the goals of creating an open governance model for the project and helping the OSI to establish a neutral infrastructure to foster collaboration among multiple stakeholders. Thanks to the amazing work from our community members, a lot of progress has been made in 2023, but there’s still a lot of work ahead of us. In this post, we would like to highlight some milestones achieved this past year and acknowledge some individuals who have contributed to the project. We would also like to share a vision for 2024 and invite all organizations who care about the Open Source supply chain to become involved.

Read more: https://opensource.org/blog/clearlydefined-recapping-a-year-of-progress-and-sharing-a-vision-for-2024

The most popular licenses for each language in 2023

Nick Vidal
Community Manager at Open Source Initiative

The 2023 report of the licenses in use by the biggest package managers highlights the need to educate developers on the importance of licensing information. While many developers know that Open Source software forms the backbone of modern development, the data shows that much of their software is shared (and most likely also used) without a license.

Read more: https://opensource.org/blog/the-most-popular-licenses-for-each-language-2023