The Linux Foundation Projects
Skip to main content
Category

News

OpenChain Tooling Group – Special Presentation – 2025-02-19

By News

This meeting featured a special presentation by Jeronimo Ortiz of SCANOSS. It provided an overview of the open source SCA tooling and technologies that SANOSS has open sourced and maintains, and looked at some of the user guides and documentation to reduce the adoption effort.

In addition, Jeronimo demoed how to make use of the osskb.org service from Software Transparency Foundation at scale using GitHub Actions, and how you can leverage scanoss.py to make use of such a service for detecting open source at file and snippet level, getting license and copyright information, or creating simple and quick SBOMs in different formats.

The presentation also included an overview of the work being done to integrate osskb.org with well known tools like ORT or FOSSology.

Webinar: DeepSeek – How Open Source AI is unlocking the future – 2025-03-28 @ 07:00 UTC

By News

An introduction to DeepSeek, its technical highlights, its history, its company, and its vision. The main presentation for this webinar will be by Jerry Tan, a long-time contributor to the open source ecosystem in China.

Join using this link up to ten minutes before the official start: 

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-03-05

By News

We held our regular workshop for the OpenChain AI Work Group on March 5th. It was a two-hour session to allow topics related to AI compliance to be discussed, explored and defined. The key focus for the Work Group is to develop and finalize a Guide to AI Bill of Material Compliance in the Supply Chain, and there is active drafting going on during each meeting.

The Draft Guide:

Watch the Recording:

Track This Work:

You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings:

You can find and get the dial-in details for all future AI Work Group meetings from our participate page here:

COMING SOON: Webinar – The Future of Insurance for Open Source: Are You Really Covered? – 2025-04-22 @ 08:00 UTC

By News

Open source and insurance has long been a topic of interest to commercial providers of products and solutions. This webinar will help unpack the reality of insurance considerations in this space. All welcome.

Abstract:

Open source software providers are facing a triple threat: tightening US and EU regulations, rising IP litigation, and the risks introduced by Gen AI. Soon, your board—and your customers and suppliers— might be asking that you have specific insurance that actually covers OSS-related liabilities. But, does such insurance exist? Does it work? And how should it work?

Historically, insurers have struggled to grasp OSS risks, offering inadequate or unclear coverage. Now, a new wave of insurance solutions is emerging, informed by OpenChain standards and best practices.

Join this session to explore how the insurance industry is evolving, what new OSS-specific coverage looks like, and how you can help shape it to meet the real needs of the open source community.

Meet Your Presenters:

Lewis Parle, Head of Intellectual Property Risks @ Lockton

Andrew Katz, CEO @ Orcro

Stephen Pollard, Director Open Source Advisory @ Orcro

Join the Webinar:

LINK PENDING

COMING SOON: OpenChain Korea Work Group – Meeting #25 – 2025-03-25

By News

The 25th Meeting of the OpenChain Korea Work Group is coming soon! Join one of the most energetic, friendly and productive open source communities dedicated to better supply chain management. All welcome, even if you do not speak Korean.

Time and Date: 25th of March (2025-03-25) 14:00 – 17:00

Location: Korea Digital Certification Association (Yeouido Park One Building Tower 2, 48th floor) – https://maps.app.goo.gl/YnxTkz8LjHPXFJBv6

Check out the agenda and learn more here:

Please note: Format registration will launch soon. You can already express your interest on the OpenChain Korea Work Group mailing list (https://lists.openchainproject.org/g/korea-wg).

OpenChain Newsletter #75

By Monthly Newsletter, News
logo

​ Newsletter – Issue 75 – February 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

    Webinars

    Meetings

    Our community released the following meeting recordings via our main channel:

    Note: Some community meetings are not recorded or are released through other channels

    Check Out All Our Previous Newsletters:

    OpenChain Japan Community Day #34

    By News

    The OpenChain Japan Community Day #34 was held at Tokyo on March 3rd. Below you can learn more details of the event (Japanese).

    OpenChain Japan Community Day #34@トヨタ大手町
    OpenChainのメンバーが一堂に介し、OSSの最新情報を共有したり、ネットワーキングしたり、
    各業界の課題を議論したりするCommunity Dayの2025年第1弾をトヨタ大手町で実施致します。
    日時:3月3日(月)13:30-17:00、3月4日(火)9:30-12:00
    会場:トヨタ自動車株式会社大手町オフィス

    【3月3日(月)】
    13:30-14:00 (30分)
    House Keeping
    OpenChain紹介
    Shane GMによるKeynote
    14:00-14:30 (30分)
    トヨタ自動車のオープンソース活動の紹介
    14:30-15:00 (30分)
    自動車業界におけるSBOM PoCの紹介
    15:00-15:15
    休憩&ネットワーキング
    15:15-16:15 (60分)
    Automotive Open Source Panel(トヨタ、ホンダ等)
    16:15-16:45 (30分)
    Project ESSTRA:ソフトウェアの透明性とトレーサビリティを強化するソフトウェアスイート(ソニーグループ 生江さん)
    16:45-17:00 (15分)
    ラップアップ

    RECORDING: OpenChain SBOM Study Group – Monthly Meeting – 2025-02-26

    By News

    As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?” We are dealing with the reality of supply chains with many participants who have different levels of skill, use different formats, and perhaps follow different regulations or policies.

    This meeting looked at two important pieces of analysis from the OpenChain Japan SBOM Sub-Group. The goal was to find common challenges, and how we can address them when we consider:

    • Process management as our focus (the management layer)
    • Previous OpenChain work in this field (e.g. the Telco SBOM Guide)
    • Other work around the world (e.g. emerging regulation etc.)

    Background Analysis #1 – SBOM Quality Considerations:

    Background Analysis #2 – Further SBOM Quality Considerations:

    Watch the Meeting:

    Learn More About This Study Group:

    Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

    Get Involved:

    ✉️ We have a dedicated mailing list:
    https://lists.openchainproject.org/g/sbom

    💻 We have a dedicated GitHub Repo:
    https://github.com/OpenChain-Project/SBOM-sg

    Announcing Elixir OpenChain ISO/IEC 5230 Certification

    By Featured, News

    The Elixir Project is pleased to share that the Elixir project now complies with OpenChain ISO/IEC 5230, the international standard for open source license compliance. This step aligns with broader efforts to meet industry standards for supply chain and cybersecurity best practices.

    “Today’s announcement around Elixir’s conformance represents another significant example of community maturity,” says Shane Coughlan, OpenChain General Manager: “With projects – the final upstream – using ISO standards for compliance and security with increasing frequency, we are seeing a shift to longer-term improvements to trust in the supply chain.”

    Why OpenChain Compliance Helps

    By following OpenChain ISO/IEC 5230, we demonstrate clear processes around license compliance. This benefits commercial and community users alike, making Elixir easier to adopt and integrate with confidence.

    Changes for Elixir Users

    • All future Elixir releases will include a Source SBoM in CycloneDX 16 or later and SPDX 2.3 or later formats.
    • Each release will be attested along with the Source SBoM.

    These additions offer greater transparency into the components and licenses of each release, supporting more rigorous supply chain requirements.

    Changes for Contributors

    • Contributions remain under the Apache-2.0 License. Other licenses cannot be accepted.
    • The project now enforces the Developer Certificate of Origin (DCO), ensuring clarity around contribution ownership.

    Contributors will notice minimal procedural changes, as standard practices around
    licensing remain in place. For more details, see the CONTRIBUTING guidelines

    Commitment

    These updates were made in collaboration with the Erlang Ecosystem Foundation, reflecting a shared commitment to robust compliance and secure development practices. Thank you to everyone who supported this milestone. We appreciate the community’s ongoing contributions and look forward to continuing the growth of Elixir under these established guidelines.

    Learn more about Elixir: