Linux Foundation Launches Automated Compliance Tooling (ACT) Project

LinuxGizmos reports that the Linux Foundation has launched a project Automated Compliance Tooling (ACT). ACT is an umbrella project for FOSS compliance tools like Fossology, Quartermaster and SPDX.

Fossology is a copyright and license scanner that works on the source code (see my recent post Seminar “Open-Source Management in Software Supply Chains” for a very brief overview). It creates FOSS compliance reports that licensees must pass along with the source code of FOSS packages to customers.

Quartermaster also yields FOSS compliance reports, but it digs deeper than Fossology. Quartermaster hooks into the build process. It finds exactly the packages an executable or library depends on: no extra efforts by checking irrelevant packages. It also finds packages, for which the source code is downloaded during the build. Fossology cannot detect these packages.

SPDX is a file format for exchanging licensing and copyright information. It also standardises the names of FOSS licenses.

Scroll to top