OSCHINA has officially joined the OpenChain Partner Program, an initiative of OpenChain under the Linux Foundation dedicated to improving trust, security, and compliance in software supply chains worldwide.
As one of China’s leading open-source and developer platform providers, OSCHINA will contribute its expertise in software supply chain security, open-source governance, and developer ecosystems while collaborating with organizations around the world to advance industry best practices and international standards.
OpenChain, established by the Linux Foundation in 2015, brings together companies, industry groups, and public sector organizations to develop practical standards and reference materials that support effective open-source compliance and software supply chain management.
Strengthening Software Supply Chain Security
Over the years, OSCHINA has developed comprehensive software supply chain security capabilities through its developer ecosystem and enterprise R&D platforms. The company has built a full-lifecycle framework that addresses security requirements across source code management, component analysis, build processes, software delivery, and runtime operations.
Its platform integrates technologies such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), reachability analysis, and intelligent auditing to help organizations identify vulnerabilities, manage open-source risks, and improve license compliance. Through deep integration with the Gitee DevOps platform, security checks can be incorporated directly into development workflows, providing continuous feedback throughout the software development lifecycle.
Supporting Global Standards and Industry Collaboration
OSCHINA currently operates two core platforms: the Gitee DevSecOps R&D Efficiency Platform and the Moark AI Platform.
As the designated operator of several national open-source initiatives in China, OSCHINA serves more than 18 million developers and supports organizations across industries including finance, government, manufacturing, and technology. Gitee DevSecOps has established a strong presence in enterprise software development environments, while Moark provides AI engineering capabilities spanning models, datasets, computing resources, and application development.
Participation in the OpenChain Partner Program provides an opportunity to contribute practical implementation experience to international discussions around software supply chain security while aligning with globally recognized approaches to open-source governance, compliance, and risk management.
Building a Trusted Open Source Ecosystem
“Joining the OpenChain Partner Program reflects our commitment to advancing trusted software supply chains and strengthening collaboration across the global open-source ecosystem,” said Ma Yue, Chairman of OSCHINA.
“From our origins as an open-source community and code hosting platform to our current role supporting enterprise software development and AI infrastructure, we have consistently focused on enabling innovation through open technologies. We look forward to working with the OpenChain community to promote best practices in compliance, security governance, and software supply chain management.”
Through its participation in OpenChain, OSCHINA aims to support organizations in establishing standardized and trustworthy software supply chain governance practices while contributing to the continued growth and security of the global open-source ecosystem.
