OpenChain is a specification of requirements designed to help organizations in compliance with to ensure a sound handling of open source components. In a nutshell, OpenChain has five core aspects:
- Clarify responsibilities – which typically is done by settling a policy and ensure staff is aware of/living it
- Assign responsibilities – where you must ensure that tasks are not just asisgned, but peopple held acocuntable for the completion of tasks.
- Review and approve FOSS – to ensure execution of analysis and documentation in each use case, which requires crtain legal expertise to be present
- Deliver FOSS Artifacts – provide the required documentation materials to ensure proper and legally conform handling of FOSS
- Understand Community – where you are tasked to provide rules and regulation , e.g. contribution policy and framework) to ensure a prosperous treatment of open source.
The specification also requests as 6th goal to get certified, but form an operational standpoint this will not make much of a difference assuming you have implemented the first 5 goals. (well, OK, it’s good for marketing…)
Find here, how TrustSource will support you in achieving these goals!
Support for Policy propagation and awareness
TrustSource comes with a powerful feature to make users aware of policies and ensure they will stay up to date. It provides counters and feedback options so that Compliance managers may easily followup who needs further attention.
Automate Analysis
With many integrations into modern (and older) software build and delivery processes – with branch and tag support – TrustSource helps you to stay alert with the most recent developments
Keep it green!!!
Achieving compliance could be as simple as defining the working order “Keep it green” for your project managers or product owners. TrustSource provides simple and ease to understand traffic light-like color codes on all levels of control, so that need for action is simple to recognize. Whether it is about obligations or vulnerabilities, impact becomes immediately clear and can be managed accordingly.
Powerful filter options as well as extensive reporting provide your staff with details on what action to take next. Integrations with Jira or Team Foundation Services allow creation and followup of tickets for your development teams
Provide Legal Expertise
The relevance of understanding the situation and resolving the obligations based on the many impacting factors requires a legal talent or expertise. To overcome the shortage of this resource we have assessed most license types and developed a legal solver that immediately recognizes all changes in the environment or the components and and is able to determine the resulting obligations and grants without the developers requiring to study law.
Generate your Compliance Artefacts
Based on the detailed understanding of the context, the component status and the obligations TrustSource will help you to compile your Notice Files with a simple click. Based on the clearing work you – or other users of TrustSource – have done before, TrustSource generates you the complete Notice File and tells you which gaps to close to achieve the finalized Notice File.
Contact us to get your test access today!
To learn more about these and more stunning features of TrustSource contact us now. Our staff will be happy evaluating how TrustSOurce may fit into your Open Source compliance program and provide you with a test access. Do not wait, contact now!