A new ACT for open source compliance from The Linux Foundation
As open source continues to grow in popularity and usage, there comes with it a responsibility to understand its licenses. The Linux Foundation is here to help improve open source compliance. Meet ACT: the new project on the horizon.
What’s new in the world of open source? The Linux Foundation has announced a new tooling project for improving open source compliance. Its goal is to ensure that organizations using open source components understand, and can manage, the license obligations they are taking on.
The Linux Foundation continues to be a leading beacon in the FOSS world, with worldwide events and over one million professionals enrolled in their free training courses. Just some of the successful projects that the Linux Foundation hosts include Rook, Node.js, Kubernetes, and Linkerd (which just got a fancy new UI makeover). You don’t have to look far to see names and noteworthy tools that you’re familiar with!
The new ACT
The new project is called ACT: Automated Compliance Tooling.
In the press release, The Linux Foundation stated that “Using open source code comes with a responsibility to comply with the terms of that code’s license, which can sometimes be challenging for users and organizations to manage. The goal of ACT is to consolidate investment in, and increase interoperability and usability of open source compliance tooling, which helps organizations manage compliance obligations.”
Together, four projects currently make up ACT:
- FOSSology: Already an existing Linux Foundation project, FOSSology is moving on up. It is a toolkit for open source license compliance that is itself released as open source. Users run license, copyright, and export control scans from the command line. The mission of FOSSology is: “advancing open source license compliance“.
- QMSTR: The Quartermaster project is a tool for creating an integrated open source toolchain for license compliance management. It collaborates with the SPDX and OpenChain projects.
- SPDX Tools: The Software Package Data Exchange (SPDX) is a standard format for recording information about a software package’s components, licenses, copyrights, and security references. The SPDX Tools project provides tooling for creating and validating SPDX documents, and the group encourages their use.
- Tern: Open source compliance for containers, written in Python. From the GitHub FAQ: “Open source software compliance is a hard problem in general but it gets harder with containers due to the ability to reuse diff filesystems.”
With these four tools under one umbrella, the aim is to make up-to-date compliance information easier to produce and exchange.
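To make concrete what the SPDX data that these tools exchange looks like, and what a compliance check over it does, here is an added example that is not part of the original article and not code from ACT, FOSSology, or the SPDX Tools project. It reads a constructed SPDX 2.2 tag-value document, groups the tags per package, and flags each package’s concluded license against a hypothetical allowlist. The tag names are real SPDX fields; the sample document, the package names, and the allowlist are invented for illustration.

```python
"""Minimal SPDX 2.x tag-value reader that lists each package's concluded
license and flags anything outside an allowlist. Added illustration only;
not code from ACT, FOSSology or the SPDX Tools project. The sample
document below is constructed for this example, not a real SBOM."""
import re
from typing import Dict, List, Tuple

# Constructed sample document in SPDX 2.2 tag-value format (invented data).
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-image
Creator: Tool: example-scanner

PackageName: busybox
SPDXID: SPDXRef-Package-busybox
PackageVersion: 1.31.1
PackageLicenseConcluded: GPL-2.0-only
PackageLicenseDeclared: GPL-2.0-only
PackageCopyrightText: <text>Copyright (C) 1999-2019 Example Authors</text>

PackageName: libfoo
SPDXID: SPDXRef-Package-libfoo
PackageVersion: 0.3
PackageLicenseConcluded: MIT
PackageLicenseDeclared: MIT

PackageName: mystery
SPDXID: SPDXRef-Package-mystery
PackageVersion: 2.0
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
"""

# Licenses this hypothetical organisation accepts without further review.
ALLOWLIST = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "CC0-1.0"}

# One "Tag: value" line; tags in SPDX tag-value files are alphabetic.
TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_packages(text: str) -> List[Dict[str, str]]:
    """Group tag-value lines into one dict per package.

    A new package starts at each PackageName tag; tags that appear before
    the first PackageName belong to the document header and are skipped.
    <text>...</text> values are kept as single lines here; multi-line text
    blocks are not handled in this minimal reader.
    """
    packages: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        m = TAG_RE.match(raw.strip())
        if not m:
            continue  # blank line or comment
        tag, value = m.group(1), m.group(2).strip()
        if tag == "PackageName":
            current = {"PackageName": value}
            packages.append(current)
        elif current is not None:
            current[tag] = value
    return packages


def review(packages: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (package name, concluded license, status) for each package.

    NOASSERTION and NONE mean the producing tool could not or did not
    determine a license; that is a gap to investigate, not a pass. Any
    license expression not in the allowlist (including compound
    expressions such as "GPL-2.0-only OR MIT") is routed to review.
    """
    findings = []
    for pkg in packages:
        lic = pkg.get("PackageLicenseConcluded", "NOASSERTION")
        if lic in ("NOASSERTION", "NONE"):
            status = "unknown"
        elif lic in ALLOWLIST:
            status = "allowed"
        else:
            status = "needs-review"
        findings.append((pkg["PackageName"], lic, status))
    return findings


if __name__ == "__main__":
    for name, lic, status in review(parse_packages(SAMPLE_SPDX)):
        print(f"{name:10} {lic:15} {status}")
```

The point of treating NOASSERTION as its own status, rather than silently passing or failing it, is that a scanner’s inability to conclude a license is exactly the case a compliance reviewer needs to see; a real pipeline would also parse compound SPDX license expressions instead of matching the whole string.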
In the future, ACT may add more projects to it that fit the bill. Do you know of any potential new members or partners? Contact act AT LinuxFoundation DOT org about the open source compliance tooling project you have in mind.
Better understanding open source compliance
Open source tools are growing, and their usage is becoming more mainstream; even tech giants like Microsoft are contributing to open source.
With that popularity comes a need for compliance with FOSS licenses to become easier for the average user as well.
We often look to the future, trying to predict what will happen to open source and what the road ahead holds. While open source software is a great thing, it does come with some risks.
In an interview at DevOpsCon, Stanislav Sivak, software and security consultant at Synopsys, told us, “The most common risks for open source are security, legal, and operational.” Perhaps, then, this new project by the Linux Foundation is a step in the right direction. By making sure that users are more aware of what they are agreeing to when they use open source software, we can lessen some of the risks and downsides.
What do the next twenty years of FOSS have in store? Check out some predictions and see if you agree with them!