Linux Foundation Launches Automated Compliance Tooling Program

APIs bridge between open source and SaaS
  • The ACT program will be headed by Google, VMware, and Siemens
  • The project will have VMware-developed Tern inspection tool

According to a report by sdx central, the Linux Foundation has formed a new open source code licensing program called Automated Compliance Tooling (ACT) that will be headed by Google, VMware, and Siemens. The program will look to manage the responsibility and investment challenges that open source code is facing in recent times.

As per the report, the Linux Foundation said that using open source code comes with a responsibility to comply with the terms of the code’s license. The goal of ACT will be to consolidate investments in this and enhance interoperability and usability of open source compliance tooling.

OSS Review Toolkit

The program will consist of five projects. Firstly, it will have the Linux Foundation Fossology open source license compliance software system and toolkit. It will allow users to run license, copyright, and export control scans from a Representational State Transfer (REST) API. It will also include the Open-source software (OSS) Review Toolkit (ORT). The ORT supports automated and customizable open source compliance checks of source code and dependencies of a project.

VMware-developed Tern inspection tool

The project will also have a Quartermaster which was contributed by Endocode. It will integrate into the build system to learn about the software products, their sources, and dependencies. It will also include an aspect of the existing Linux Foundation Software Package Data Exchange (SPDX) Tools project.

Lastly, the project will have VMware-developed Tern inspection tool. The Tern tool has been designed to find metadata of the package installed in a container image. This will allow it to provide depth in understanding a container’s bill of materials.


Please enter your comment!
Please enter your name here