Google, Siemens and VMware fund The Linux Foundation to advance the Automated Compliance Tooling project

The Linux Foundation, today announced that Google, Siemens and VMware have committed funding for the Automated Compliance Tooling (ACT), as well as key advancements for tools that increase ease and adoption of open source software. the nonprofit organization enabling mass innovation through open source. The three companies are founding members of the Foundation.

Using open source code comes with a responsibility to comply with the terms of that code’s license. The goal of ACT is to consolidate investments in these efforts and to increase interoperability and usability of open source compliance tooling. Google, Siemens and VMware are among the companies helping to underwrite and lead this collaborative work.

Also announced today is the availability of Tern 1.0. Tern was originally contributed by VMware and is an inspection tool that finds the metadata of the packages installed in a container image. It is now able to generate SPDX. Also being released today is FOSSology 3.7, which includes the reading of SPDX headers and more than 75 percent of the source code files in the Linux kernel. And the Google Summer of Code (GSoC) interns have updated the spdx-tools libraries to support translations in Java, Python and Go. This enables other tools to smooth the import and export of SPDX documents.

“To do open source compliance well, at scale, we need to ensure the community has easy access to advanced automation and tooling,” said Will Norris, Open Source Engineering Manager at Google. “Google has invested heavily in our own compliance tooling, and we are proud to be a part of the Automated Compliance Tooling project to share our experience and expertise with the broader community. We look forward to helping make it easier for everyone using open source code to do so respectfully and in accordance with open source licenses.”

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration.

“One of the most exciting parts of the ACT Project is its integration with pre-existing activities around the Linux Foundation Open Compliance Project,” says Shane Coughlan, OpenChain General Manager. “This includes the OpenChain Reference Tooling Work Group, with its focus on addressing real world challenges as efficiently as possible, an area where targeted investment is critical. The end result of these activities will ensure that open source tooling for open source compliance is more mature, more effective and easier to adopt for entities of all sizes.”

“Open source tools that support the Open Source compliance process have seen great progress in recent months.” says Mirko Boehm, co-founder of Endocode and the QMSTR project. “With ACT, the efforts of the community, businesses and the funding for QMSTR from the European Commission’s Horizon 2020 program come together under one roof in direct collaboration with related industry projects like OpenChain. We expect an acceleration of the development of Open Source compliance solutions and are excited to collaborate with the partners at ACT, the community and the Linux Foundation.”

“It’s a testament to the community and the importance of automating compliance in software development that ACT membership and tools development and integration are coming together to create open source integrated solutions,” said Kate Stewart, senior director of Strategic Programs at Linux Foundation. “We applaud the contributions coming in from all corners of the community and look forward to what 2020 will bring to the work.”