The ClearlyDefined project was invited to give an update as part of the OpenChain webinar series. I had the opportunity to share with this global community the project’s mission: to create a global database of licensing metadata for every Open Source software component ever published. This was a great opportunity to introduce our work towards an improved governance structure.
With the heightened focus on security and compliance accelerating the move towards SBOMs everywhere, organizations will face great challenges in generating these at scale for each stage of the supply chain and for every build or release. In addition, multiple organizations will have to fix the same missing or wrongly identified licensing metadata over and over again.
This is where ClearlyDefined comes in, by serving a cached copy of licensing metadata for each component through a simple API. Organizations will also be able to contribute back any missing or wrongly identified licensing metadata, helping to create a database that is accurate for the benefit of all.
The ClearlyDefined project is working to establish a clear and open governance structure to become more welcoming towards contributors. We believe that by working together with projects that are part of the same ecosystem, like OpenChain, we can help organizations worldwide to make the Open Source supply chain more compliant and secure.
Watch the recording of the webinar
Image created by OpenChain.