News

Our next webinar will be entitled ‘Compliant containers with the OSADL Base Image’ and will be delivered by Caren Kresse of OSADL. This will address one of the hottest topics in compliance: “how do you make containers compliant?”

About This Webinar:

While containers certainly simplify deploying software, fulfilling FOSS license obligations for containers is made difficult by their layered structure and the lack of compliance material in public repositories. Although every container is customized for its particular use and therefore comprises different software components, many are built on a base image that provides essential system components. It seems obvious to apply the Open Source principle of sharing development of non-differentiating technologies and services to license obligations of container base images. Therefore, OSADL offers the so called OSADL Base Images that are provided together with all required legal information and material needed to be distributed compliantly. A company may build their individual container images on top of the OSADL Docker Base Image and use the provided instructions to fulfill license obligations for the additional software to achieve license compliant container distribution. This presentation will explain how the base images and in particular the license compliance material are created, list what flavors, versions and variants are available and show how they can be used to facilitate licensing of individual containers.

Project page: https://www.osadl.org/base-image
Docker Hub: https://hub.docker.com/r/osadl/

We start at 09:00 CEST 2025-09-10. All welcome, no registration needed.

Join here at the start time:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/98100842857?password=58e60da7-867b-49ce-8ba3-bb8ee492839d

More About Our Webinars:

There was a significant market impact with the release of Version 1.1 of the Telco SBOM Quality Guide:
https://openchainproject.org/featured/2025/05/09/openchain-telco-sbom-guide-version-1-1-now-available

This lead to discussions about how we can make an explicitly cross-industry guide covering the topics of *how* we determine what is quality, and *how* we manage this across multiple industries. This lead to the development of a ”thinking” document considering how a cross-industry, cross-format SBOM quality could be structured:
https://github.com/OpenChain-Project/SBOM-sg/blob/main/Cross-Industry-SBOM-Quality-Guide/en/Cross-Industry-SBOM-Quality-Guide.md

As of last week, permission was given by the OpenChain Governing Board for the SBOM Study Group to turn into a full OpenChain Work Group, and to explicitly work on turning the thinking document into an official OpenChain guide for everyone. The formal announcement regarding the SBOM Study Group evolution will be made later this week, and meanwhile, you can check out a detailed presentation on the topic of a cross-industry SBOM Quality Guide in the slides below.

Check Out The Slides:

Learn More About This Study (and soon Work) Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

We held our regular OpenChain AI Work Group meeting for North America and Europe on the 2nd of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

1. https://github.com/OpenChain-Project/Reference-Material/issues/101
2. https://github.com/OpenChain-Project/Reference-Material/issues/102
3. https://github.com/OpenChain-Project/Reference-Material/issues/107
4. https://github.com/OpenChain-Project/Reference-Material/issues/108
5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

It is a bit of a “community week” here at the OpenChain Project, and you will see various things from Open Source Summit Europe appearing across our news and social media. However, there is another item we wanted to flag from Open Source Summit North America recently.

OpenChain is a totally global project, with contributors from three continents (we are open to every other continent contributing as well), and that means we operate in a lot of languages. That means far more than translation. It means cognitive load, and other challenges.

There was a wonderful talk from Naomichi Shima and Norio Kobota at Sony Group Corporation (voting alternate and board members of OpenChain respectively) on this topic at OSS NA. It was called “Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities”

There is something really important contained in this presentation about how much effort is needed to communicate across language barriers. While the OpenChain Project has always tried to pay attention to this, and we have developed various workflows and methods over the last nine years, we want to (a) make sure we keep doing that effectively and (b) make sure every other project has access to our lessons learned.

You can view the full presentation here:

The Recording of Day 1:

The Recording of Day 2:

The OpenChain Project recently held a special mini-summit at the 2025CCF Open Source Conference in Shanghai. The schedule was lead by Zhenhua Sun of ByteDance, Chair of the OpenChain China Work Group, and featured both legal and technical topics related to compliance. The goal was to highlight available solutions in an era when open source and artificial intelligence are intersecting, and with the help of our local community, we had a great chance to start this important discussion.

Learn More About The Event:

• https://mp.weixin.qq.com/s/f-9egkHEllGtwo3LW0KSPg?scene=1