SBOM Starter Kit: Get Your Copy

Auditing Your Company's Use of Open Source: Checklist for Creating an Open Source Compliance Program

By submitting, I agree to receive periodic emails from FOSSA related to products and services and can unsubscribe at any time. I accept the FOSSA Privacy Policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOSSA has partnered with leaders in open-source from foundations like OpenChain and Open Source Program Office experts from companies like Uber, Verizon Media, Ford, and TDAmeritrade to assemble and share these best practices in developing open source compliance programs.

Modern technologies that form the backbone of major technological innovations all have roots in open source — from microservices to agile CI/CD, from digital transformation to artificial intelligence (and we could go on). From lowering the total cost of ownership (and decreasing time to market) to improving development practices and product quality, open-source comes with clear benefits to your business.

Creating an Open Source Compliance Program: Auditing Your Company’s Use of Open Source discusses:

  • The checklist you need to create, run and maintain an Open Source Compliance Program
  • The creation of your Open Source Compliance policies
  • Initiating your compliance program rollout
  • Iterating and expanding your program across new products and business units

FOSSA is a leading application security and compliance platform that specializes in helping engineering teams deliver trusted software.

FOSSA enables companies to prioritize real vulnerabilities in their open source software with comprehensive SCA (software composition analysis) capabilities, while also making it possible for organizations to automate compliance reporting and SBOM (software bill of materials) lifecycle management to meet customer and regulatory requirements.

Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded nearly two million times, and has conducted nearly 100 million scans of open-source software.