by Lisa Noeth & Mirko Boehm | December 4, 2017
Auditing and documenting Open Source license compliance is a strict requirement for any software vendor or device manufacturer. Open Source licenses commonly require products to be accompanied by offers to provide the full corresponding source code, attribution of authors, and other documentation. In addition, Open Source license compliance needs to be audited continuously, for each build, along the complete supply chain of the product. These challenges are various and well known in the IT industry. Yet although they are general knowledge, the only solutions on the market are proprietary, closed source and very costly.
In the last couple of months a team at Endocode has been working on setting up a collaborative project to build a workflow toolchain for Open Source compliance that is itself free and Open Source software, called quartermaster. We believe that build-time analysis is the right approach to document license compliance in software products. Over the summer, we built and demonstrated a proof of concept for an approach that should work with most make-based build systems while requiring minimal or no modifications to existing source code. After discussing needs and collecting requirements with many industry and community partners, we began working on a functioning prototype two weeks ago. Today we are releasing its current development state to the GitHub project. The code is a work in progress and at an early stage. Nevertheless, we want to give everybody interested the opportunity to collaborate with us and to follow the project.
quartermaster is not trying to be a new license scanner. After learning the metadata about the software being built, it integrates existing tools to perform such tasks. The prototype at the moment uses Ninka. We plan to create similar integrations for ScanCode and Fossology Nomos so that they can be used side-by-side.
Development on the prototype will continue for two more sprints until January 16, 2018. We will release our code in the process. Development on the prototype will then end and transition into the development of the first product version during Q1/2018. To get notifications about community hangouts, sprint reports and other updates, please use the contact form on the quartermaster web site (or follow the project on Twitter or GitHub, or join our Slack conversations).