The Linux Foundation Releases Free FOSS Component Tracker
As open source software continues to proliferate in businesses and large enterprises, it gets ever harder to track exactly which components are being used and whether they're being used in compliance with their licenses. This is no small issue. Only a couple of years ago, Red Hat CEO Jim Whitehurst predicted that soon 100 percent of significant software platforms and applications will contain open source components. To help with tracking and license compliance for installed open source software, The Linux Foundation has announced the availability of The Linux Foundation FOSS Bar Code Tracker. Here is how it works.
The FOSS Bar Code Tracker works via QR codes, which are increasing in popularity. Released as an open source project under the MIT license, the tracker uses an auto-generated, custom QR code for each product. The QR code contains important information on the Free and Open Source Software (FOSS) stack contained in a product, such as component names, version numbers, license information and links to download the source code, among other details.
Using the tracker, product development teams can generate their own FOSS Bills of Materials, identify FOSS components included in each product, and share product information throughout the supply chain for compliance purposes.
For companies adopting SPDX, which provides a standardized way of defining license information across vendors in the supply chain, or other standard formats for open source license components, the FOSS Bar Code Tracker provides the mechanism to load the standard file and generate the desired QR code.
“As the supply chain has gotten more distributed, the process of license compliance needs to be easy, fast and streamlined. The Linux Foundation’s new FOSS Bar Code Tracker addresses this with a tool everyone can use,” said Eben Moglen, executive director, Software Freedom Law Center, in a statement. “Automating this process will result in gains for FOSS developers, manufacturers embedding FOSS in their products, and users who want to get the most value from the products they buy.”
Along with the Bar Code Tracker, The Linux Foundation is putting a licensing panel in place to keep license tracking up to date.
With any luck, this new tracker will complement the types of open source governance and management services that players such as OpenLogic and Black Duck Software provide. For more information or to download the tool and contribute to the project, visit the dedicated page.