Skip to main content

OpenChain ISO 5260 and SPDX explicitly enter the Scania supply chain via Scania Corporate Standard 4589 (STD 4589)

By 2021-05-14November 2nd, 2021Featured

As recently noted by Jonas Oberg, Open Source Officer at Scania, OpenChain ISO 5230 and SPDX have been explicitly included in Scania Corporate Standard 4589 (STD 4589). This defines the expectations Scania has towards suppliers when they deliver a solution containing open source software.

Scania has three key considerations defined in STD 4589:

  1. Suppliers should conform to OpenChain ISO 5230.
  2. Suppliers should ideally contribute modifications to open source components to the originating open source project.
  3. Suppliers should provide a software bill of materials in SPDX format and any applicable source code when the software license requires it.