Case study: enhancing SBOMs with cdsbom at the Linux Foundation
A Linux Foundation case study on using cdsbom to enhance SPDX SBOMs with license data from ClearlyDefined for better compliance and transparency.
ClearlyDefined: 2024 in review – milestones, growth and community impact
As 2024 draws to a close, it’s time to reflect on a transformative year for the ClearlyDefined project. From technical advancements to community growth, this year has been nothing short of extraordinary. Here’s a recap of our key milestones and how we’ve continued to bring clarity to the Open Source ecosystem.
Improving Open Source security with the new GitHub Secure Open Source Fund
Launched with a $1.25 million commitment from partners, the GitHub Secure Open Source Fund is designed to address a critical issue: the often-overlooked necessity of security for widely-used Open Source projects.
ClearlyDefined v2.0 adds support for LicenseRefs
We are excited to announce the release of ClearlyDefined v2.0 which adds over 2,000 new well-known licenses it can identify. You can see the complete list of new non-SPDX licenses in ScanCode LicenseDB.
ClearlyDefined at SOSS Fusion 2024: a collaborative solution to Open Source license compliance
The Open Source Initiative in collaboration with GitHub and SAP presented ClearlyDefined at SOSS Fusion.
ClearlyDefined’s Steering and Outreach Committees Defined
We are excited to announce the newly elected leaders for the ClearlyDefined Steering and Outreach Committees!
GUAC adopts license metadata from ClearlyDefined
The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation.
Better identifying conda packages with ClearlyDefined
ClearlyDefined now provides a new harvester implementation for conda, a popular package manager with a large collection of pre-built packages for various domains, including data science, machine learning, scientific computing and more.
Beyond SPDX: expanding licenses identified by ClearlyDefined
ClearlyDefined now supports non-SPDX licenses. ScanCode already provides this functionality and offers a mapping from these non-SPDX licenses to the SPDX LicenseRef. Organizations using ClearlyDefined now have the option to decide how to handle non-SPDX licenses based on their own needs.
Unveiling ClearlyDefined: this free SBOM service gets cleared for takeoff
With all the buzz around SBOMs and Open Source supply chain compliance and security, a new revolution is igniting at ClearlyDefined. This amazing project has been flying under the radar…
ClearlyDefined at the ORT Community Days
Once again Bosch’s campus in Berlin hosted ORT Community Days, the annual event organized by the OSS Review Toolkit (ORT) community. ORT is an Open Source suite of tools to automate software compliance checks.
Three perspectives from FOSS Backstage
FOSS Backstage is a conference that fosters discussions around three complementary perspectives: a) community health and growth, b) project governance and sustainability, and c) supply chain compliance and security.
