The OpenChain Project maintains a reference library of over 1,000 documents. This library has been built over eight years from our original release of a set of training slides for open source license compliance. The library has now been comprehensively updated to make it easier to find, use and share resources.
To ensure ease of navigation, and to let us adjust and improve the library structure over time, navigation is primarily guided by the README file, which acts as the starting point for all navigation. You can also get a full preview of the structure of the library later in this post.
The intention is that:
You will enter this library at the top level of the archive
You will use this README file as your index
We will update the README as the library evolves
The library contains:
Adoption Guidance
AI Compliance Guidance
Case Studies
Compliance Training Slides
Explainers for Internal Teams
Maturity Models
Policy Templates
SBOM Quality Guidance
Source Material for Online Training Courses
Self-Certification Material
Supplier Education Material
Templates and Overview Material for OpenChain Project
+ Much, much more.
Licensing:
Most of the material in this repository is available under CC-0 licensing (effectively public domain). You will notice some exceptions with Guides (like the Telco SBOM Guide) and with case studies. These documents are not designed to be freely altered because they provide either guidance developed to consensus in our work groups, or the specific experience of companies in addressing compliance matters.
Navigating the Library:
As of 2025-05-08, the library is structured in the following folders alphabetically:
AI-SBOM-Compliance
Open-Source-Compliance-Support-Material
Open-Source-Policy-Templates
OpenChain-Adoption-Guides
OpenChain-Case-Studies
OpenChain-Explainers-For-Internal-Teams
OpenChain-FAQ
OpenChain-For-Mergers-and-Acquisitions
OpenChain-Maturity-Models
OpenChain-Promotion-Material
OpenChain-Standards-Self-Certification
OpenChain-Supplier-Education
OpenChain-Templates
OpenChain-Training
SBOM-Quality-Management
AI-Compliance
OpenChain has an AI Work Group. This is where you will find our work on AI compliance topics. The current focus is on AI SBOM management in the supply chain, and what program process points are required to manage this effectively.
Open-Source-Compliance-Support-Material
This folder contains compliance-related material that is not specific to OpenChain. You may find these community contributions useful in your work.
Open-Source-Policy-Templates
Having an open source policy is a requirement in our standards. This folder contains some template material to get you started or to help you refine existing policies.
OpenChain-Adoption-Guides
This folder contains guides to adopting the OpenChain standards.
OpenChain-Case-Studies
This folder contains case studies from companies that have adopted OpenChain standards.
OpenChain-Explainers-For-Internal-Teams
Explaining the value of OpenChain approaches to compliance process management is critical to ensure buy-in and support across an organization. We have created a series of quick explainer documents to support this.
OpenChain-FAQ
This folder contains the official OpenChain Project Frequently Asked Questions. These are mirrored on our website.
OpenChain-For-Mergers-and-Acquisitions
This folder contains some material relevant to understanding OpenChain standards in the context of Mergers and Acquisitions.
OpenChain-Maturity-Models
Once an organization has begun to adopt OpenChain standards, the question arises of how to iterate and improve their compliance program. Maturity models or capability models are a tool to assist with this. We have one to share with you as a reference guide.
OpenChain-Promotion-Material
This folder contains infographics, one-pagers and introductory presentations to help organizations understand the OpenChain Project, its standards, its reference material, and the global community supporting its work.
OpenChain-Standards-Self-Certification
This folder contains self-certification checklists and questionnaires to help companies easily adopt our standards. This material can also be used as a “health check” for organizations not currently using our standards.
OpenChain-Supplier-Education
This folder contains a leaflet designed to give suppliers a single file that takes them from “what is open source” through to the importance of license compliance, and the use of OpenChain standards.
OpenChain-Templates
This folder contains templates so that the community can develop new presentations or documents with the OpenChain trademarks, mascots and other images.
OpenChain-Training
This folder contains our reference training slides and also the source code for our online training courses.
SBOM-Quality-Management
OpenChain has an SBOM Study Group. This is where you will find our work on SBOM-related topics. The current focus is on SBOM Quality in the supply chain, and what type of approach is required to manage this effectively.
Get the guide in Chinese (Traditional), English, French and Japanese
Get the validator
Learn how to get involved in future development
What is this Guide?
The OpenChain Telco SBOM Guide aims to outline certain requirements related to how an entity creates, delivers, and consumes Software Bill of Materials (SBOM), so that entities that produce and/or consume SBOMs that conform to this guide can ensure repeatability and streamlining of tools and processes for generating and consuming SBOMs.
Note that this guide does not require a conforming entity to adopt OpenChain standards, but doing so is greatly encouraged.
This guide is designed to work on a per SBOM level: an entity can use it as its sole way of delivering SBOMs but it is the individual SBOM that the guide refers to, not the entity that provides the SBOM. An SBOM using this guide can be called “OpenChain Telco SBOM Guide Compatible.”
Want more context? We delivered a presentation at FOSDEM.
Updates from Version 1.0 to Version 1.1 of the Guide:
The following updates were made in version 1.1:
Both PackageChecksum and PackageVerificationCode are allowed as package hash.
The package hash is RECOMMENDED instead of MANDATORY.
ExternalRef is RECOMMENDED instead of MANDATORY.
FilesAnalyzed is no longer MANDATORY.
Examples are provided for the CISA SBOM Types.
A RECOMMENDED syntax is given for CISA SBOM Types.
sbomasm is given as a better example of an SBOM merge tool.
A reference to the new CISA document was added.
An SBOM that conforms to version 1.0 of the Guide will also conform to version 1.1 of the Guide. The reverse is not true.
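The changelog above lists package-level SPDX fields whose level changed in version 1.1 (the package hash, ExternalRef and FilesAnalyzed). The following Python script is an added example, not the Telco Work Group's validator and not part of the Guide itself: it parses an SPDX 2.3 tag-value document and reports, per package, which of exactly those changelog fields are absent, labelling hash and ExternalRef findings RECOMMENDED as version 1.1 does. The sample SBOM, the package names and the finding strings are constructed for this example, and the script deliberately models only the fields named in the changelog, not the full Guide.

```python
"""Report absence of the package-level SPDX fields named in the OpenChain Telco
SBOM Guide 1.1 changelog (package hash, ExternalRef, FilesAnalyzed).
Added example; not the Guide's own validator. Covers only changelog fields."""
import re
from collections import defaultdict

TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")

# Constructed sample SPDX 2.3 tag-value SBOM (hashes are placeholders):
#   libfoo carries a PackageChecksum, an ExternalRef and FilesAnalyzed
#   libbar relies on PackageVerificationCode only (allowed as the hash in v1.1)
#   libbaz has neither hash nor ExternalRef and does not state FilesAnalyzed
SAMPLE_SBOM = """\
SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: sample-product
PackageName: libfoo
SPDXID: SPDXRef-libfoo
PackageVersion: 1.2.3
PackageChecksum: SHA256: 0000000000000000000000000000000000000000000000000000000000000000
ExternalRef: PACKAGE-MANAGER purl pkg:generic/libfoo@1.2.3
FilesAnalyzed: false
PackageName: libbar
SPDXID: SPDXRef-libbar
PackageVersion: 2.0.0
FilesAnalyzed: true
PackageVerificationCode: d6a770ba38583ed4bb4525bd96e50461655d2758
PackageName: libbaz
SPDXID: SPDXRef-libbaz
PackageVersion: 0.9
"""


def parse_packages(text):
    """Return one {tag: [values]} dict per package; a PackageName line opens a package."""
    packages = []
    current = None
    for line in text.splitlines():
        m = TAG_RE.match(line)
        if not m:
            continue  # comments, blank lines, <text> blocks are ignored here
        tag, value = m.groups()
        if tag == "PackageName":
            current = defaultdict(list)
            packages.append(current)
        if current is not None:  # document-level tags before the first package are skipped
            current[tag].append(value)
    return packages


def check_package(pkg):
    """Findings for one package as (name, level, message) tuples, using v1.1 levels."""
    name = pkg["PackageName"][0]
    findings = []
    # v1.1: either PackageChecksum or PackageVerificationCode counts as the package hash,
    # and the hash is RECOMMENDED rather than MANDATORY
    if not pkg.get("PackageChecksum") and not pkg.get("PackageVerificationCode"):
        findings.append((name, "RECOMMENDED", "no PackageChecksum or PackageVerificationCode"))
    # v1.1: ExternalRef is RECOMMENDED rather than MANDATORY
    if not pkg.get("ExternalRef"):
        findings.append((name, "RECOMMENDED", "no ExternalRef"))
    # v1.1: FilesAnalyzed is no longer MANDATORY; its absence is reported as information only
    if not pkg.get("FilesAnalyzed"):
        findings.append((name, "INFO", "FilesAnalyzed not stated (defaults to true in SPDX 2.3)"))
    return findings


def check_sbom(text):
    """All findings for every package in an SPDX tag-value document, in document order."""
    return [f for pkg in parse_packages(text) for f in check_package(pkg)]


if __name__ == "__main__":
    for name, level, message in check_sbom(SAMPLE_SBOM):
        print(f"{level:<12}{name}: {message}")
```

Running the script against the constructed sample reports nothing for libfoo, one RECOMMENDED finding for libbar (no ExternalRef) and three findings for libbaz. A real check would run over the full Guide's requirement list, not only the fields that changed between versions.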
Huge credit to Marc-Etienne Vargenau for his steady hand in chairing the OpenChain Telco Work Group, and to Jimmy Ahlberg of Ericsson for kicking off that work group, and his continued work as the Chair of the OpenChain Project Governing Board. Special thanks to all of our wonderful community, especially the contributors inside the OpenChain Telco Work Group who made this happen.
Amazon is the latest company to join the OpenChain Project as a Platinum Member and to take a seat at the Governing Board and Steering Committee. This highlights their unwavering commitment to leadership in open source technology, process management and in building trusted supply chains.
“At Amazon, we believe in strengthening the open source ecosystem through collaboration and shared best practices,” said Nithya Ruff, Director of Amazon’s Open Source Program Office. “By joining the OpenChain Project, we’re committed to contributing our experience across cloud services and consumer devices to support and evolve industry standards. We look forward to working with the OpenChain community to make supply chain collaboration easier and more effective for the industry.”
“Amazon pioneered modern digital management of complex supply chains at massive scale,” says Shane Coughlan, OpenChain General Manager. “Their engagement with the OpenChain Project, and more broadly with all aspects of open source process management, underlines the vital role that open standards and open communities play in building a more trusted supply chain. We look forward to benefiting from their thought-leadership as OpenChain enters the next stage of its evolution.”
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Today we are delighted to share the news that ZF Group has implemented an ISO/IEC 5230 conformant program.
This significant achievement underscores their commitment to excellence, innovation, and adherence to the highest standards of compliance and best practices in their open-source initiatives. As noted by Sarah Moser of the ZF Group team, implementing the ISO/IEC 5230 standard represents a crucial step in fostering a culture of transparency, collaboration, and continuous improvement.
ZF Group’s conformance was via third-party certification in collaboration with TIMETOACT. The approach they took, their motivations and their practical solutions will be highlighted in a forthcoming OpenChain webinar and case study.
Huge thanks to Sarah, the ZF OSPO team and also Simon Pletschacher at TIMETOACT for not only making this happen, but helping to communicate it widely to inspire others.
About ZF Group
ZF is a global technology company represented with 161 production locations in 30 countries. With some 161,600 employees worldwide, ZF reported sales of €41.4 billion in fiscal year 2024.
Founded in 1915, ZF has evolved from a supplier specializing in aviation technology to a global mobility technology company.
Group shareholders include the Zeppelin Foundation, administered by the City of Friedrichshafen, holding 93.8 percent of shares, and the Dr. Jürgen and Irmgard Ulderup Foundation, Lemförde, with 6.2 percent.
QNAP Systems, Inc., a leading computing, networking, and storage solutions innovator based in Taipei, has announced an OpenChain ISO/IEC 5230 conformant program.
About QNAP
QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduces a revolutionary Cloud NAS solution that joins its cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.
The Elixir Project is pleased to share that the Elixir project now complies with OpenChain ISO/IEC 5230, the international standard for open source license compliance. This step aligns with broader efforts to meet industry standards for supply chain and cybersecurity best practices.
“Today’s announcement around Elixir’s conformance represents another significant example of community maturity,” says Shane Coughlan, OpenChain General Manager: “With projects – the final upstream – using ISO standards for compliance and security with increasing frequency, we are seeing a shift to longer-term improvements to trust in the supply chain.”
Why OpenChain Compliance Helps
By following OpenChain ISO/IEC 5230, we demonstrate clear processes around license compliance. This benefits commercial and community users alike, making Elixir easier to adopt and integrate with confidence.
Changes for Elixir Users
All future Elixir releases will include a Source SBoM in CycloneDX 1.6 or later and SPDX 2.3 or later formats.
Each release will be attested along with the Source SBoM.
These additions offer greater transparency into the components and licenses of each release, supporting more rigorous supply chain requirements.
Changes for Contributors
Contributions remain under the Apache-2.0 License. Other licenses cannot be accepted.
The project now enforces the Developer Certificate of Origin (DCO), ensuring clarity around contribution ownership.
Contributors will notice minimal procedural changes, as standard practices around licensing remain in place. For more details, see the CONTRIBUTING guidelines.
Commitment
These updates were made in collaboration with the Erlang Ecosystem Foundation, reflecting a shared commitment to robust compliance and secure development practices. Thank you to everyone who supported this milestone. We appreciate the community’s ongoing contributions and look forward to continuing the growth of Elixir under these established guidelines.
CSI Piemonte, an early adopter of OpenChain ISO/IEC 5230, has announced their fourth periodic recertification of the international standard for open source license compliance processes.
“CSI Piemonte has renewed its self-certification to ISO/IEC 5230:2020 for the fourth time, aware of its decades-long aptitude to implement, acquire, and publish open source software,” says Marco Alberto Panepinto, Open Source Subject Matter Expert at CSI Piemonte. “Italian law, in particular, requires public administrations to publish self-produced software on the national Developers Italia catalog, on which CSI Piemonte publishes the products implemented for local Piedmontese bodies, including mainly the Piedmont Region. Our processes are aimed at providing and promoting the creation and control of open source software, aimed at reuse by other public administrations, as our legislation provides. It is therefore since 2020 that we have adhered to the standard and we are proud to continue pursuing the goal of making our software open.”
“In recent months we have highlighted recertification activity around our standards to underline the concept of sustainable approaches to software management,” says Shane Coughlan, OpenChain General Manager. “Continuity in supply chain management is key to ensure that issues are minimized and productivity is maximized. We are delighted to collaborate with CSI Piemonte on yet another reminder of this important point, and the suitability of OpenChain standards for such long-term management.”
About CSI Piemonte
CSI Piemonte has promoted technological innovation and digital transformation for public administrations since 1977. OpenChain is delighted to welcome them to our community of conformance.
Collabora has recently completed its regular 18 month renewal of ISO/IEC 5230 conformance via self-certification, and is highlighting this activity for the benefit of the wider community. This underlines an important principle of standard adoption and use: sustainability through periodically checking processes to ensure their integrity.
“Our renewed ISO/IEC 5230 certification demonstrates Collabora’s unwavering commitment to maintaining the highest standards of compliance to open-source licenses,” says Olivier Potin, Chief Operating Officer at Collabora. “Through OpenChain, we ensure our customers have complete visibility into their software supply chain while guaranteeing compliance with open source licensing requirements. This certification reinforces our position as a trusted partner in delivering open source solutions.”
“The principle of ensuring continued conformance to a standard is a key part of genuine sustainability,” says Shane Coughlan, OpenChain General Manager. “We appreciate Collabora’s decision to publicly highlight their example in double-checking process integrity, and helping to inspire similar long-term approaches in the supply chain.”
About Collabora:
Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.
S-core, Self-Certified for OpenChain ISO/IEC 5230 International Standard
S-core has officially obtained the OpenChain ISO/IEC 5230 certification, a globally recognised standard for open source compliance. This certification acknowledges the reliability and transparency of S-Core’s open source management system on an international scale.
OpenChain ISO/IEC 5230 is an open source compliance management standard created by The Linux Foundation’s OpenChain Project and published by the International Organization for Standardization (ISO). It provides guidelines to help companies effectively manage open source and mitigate legal risks.
Open Source Specialist S-core’s Journey
S-core is a company that specializes in open source services, leveraging its extensive experience in open source-based infrastructure development.
This company offers full-care service for open source use, from open source adoption, migration, technical support, to governance consulting in order to help customers establish management systems for safe and strategic use of open source.
It has recently strengthened its capability of open source compliance to deliver more reliable and secure services to customers by aligning its open source management system with OpenChain ISO/IEC 5230.
Internally, a dedicated team continuously reviews licenses, assesses risks and operates in-house training programmes to ensure developers use open source correctly. Additionally, S-core has implemented a structured system using open source management tools to proactively identify and mitigate potential risks throughout the development process.
Sunghan Suh, Head of the Open Source Business Division at S-core, stated, “Open source has already become a fundamental component in software development and operation across all industries.” He added, “With the acquisition of the OpenChain certification, we will take the lead in the development of the open source ecosystem to enable companies and developers to use open source more safely and efficiently by sharing our extensive expertise accumulated from adoption, development, operation, management to technical support.”
S-core’s Future Efforts
S-core plans to obtain ISO/IEC 18974 certification to further enhance open source security management, reinforcing its ability to address open source vulnerabilities. Looking ahead, the company aims to commit to the growth and development of the open source ecosystem with continued innovation and progress.