This repository contains reference material both directly related to the OpenChain Project and more generally to matters around license, security and other compliance topics in the open source supply chain.
The library contains over 1,000 documents. To ensure ease of navigation and our ability to adjust and improve the library structure over time, you will find that navigation is primarily guided by this README file, which acts as the starting point for all navigation.
The intention is that:
- You will enter this library at the top level of the archive
- You will use this README file as your index
- We will update the README as the library evolves
As of 2025-05-08, the library is organized into the following folders, listed alphabetically:
- AI-SBOM-Compliance
- Open-Source-Compliance-Support-Material
- Open-Source-Policy-Templates
- OpenChain-Adoption-Guides
- OpenChain-Case-Studies
- OpenChain-Explainers-For-Internal-Teams
- OpenChain-FAQ
- OpenChain-For-Mergers-and-Acquisitions
- OpenChain-Maturity-Models
- OpenChain-Promotion-Material
- OpenChain-Standards-Self-Certification
- OpenChain-Supplier-Education
- OpenChain-Templates
- OpenChain-Training
- SBOM-Quality-Management
OpenChain has an AI Work Group. This is where you will find our work on AI compliance topics. The current focus is on AI SBOM management in the supply chain, and what type of program process points are required to manage this effectively.
There is a copy of the working document in the AI-SBOM-Compliance folder, and the active version for editing is kept here: https://docs.google.com/document/d/1XHztgMALwnu2D02bmWYyXeW3wE_Jw199/edit?pli=1#heading=h.pzcghykzc46
You are welcome to be part of this work. OpenChain AI Work Group mailing list: https://lists.openchainproject.org/g/ai
The Open-Source-Compliance-Support-Material folder contains compliance-related material non-specific to OpenChain. You may find these community contributions useful in your work.
Having an open source policy is a requirement in our standards. The Open-Source-Policy-Templates folder contains some template material to get you started or to help you refine existing policies.
The OpenChain-Adoption-Guides folder contains guides to adopting the OpenChain standards.
The OpenChain-Case-Studies folder contains case studies from companies that have adopted OpenChain standards.
Explaining the value of OpenChain approaches to compliance process management is critical to ensure buy-in and support across an organization. We have created a series of quick explainer documents to support this.
The OpenChain-FAQ folder contains the official OpenChain Project Frequently Asked Questions. These are mirrored on our website.
The OpenChain-For-Mergers-and-Acquisitions folder contains some material relevant to understanding OpenChain standards in the context of Mergers and Acquisitions.
Once an organization has begun to adopt OpenChain standards, the question arises of how to iterate and improve their compliance program. Maturity models or capability models are a tool to assist with this. We have one to share with you as a reference guide.
The OpenChain-Promotion-Material folder contains infographics, one-pagers and introductory presentations to help organizations understand the OpenChain Project, its standards, its reference material, and the global community supporting its work.
The OpenChain-Standards-Self-Certification folder contains self-certification checklists and questionnaires to help companies easily adopt our standards. This material can also be used as a "health check" for organizations not currently using our standards.
The OpenChain-Supplier-Education folder contains a leaflet designed to give suppliers a single file that takes them from "what is open source" through to the importance of license compliance, and the use of OpenChain standards.
The OpenChain-Templates folder contains templates so that the community can develop new presentations or documents with the OpenChain trademarks, mascots and other images.
The OpenChain-Training folder contains our reference training slides and also the source code for our online training courses.
OpenChain has an SBOM Study Group. This is where you will find our work on SBOM-related topics. The current focus is on SBOM Quality in the supply chain, and what type of approach is required to manage this effectively.
You are welcome to be part of this work. OpenChain SBOM Study Group mailing list: https://lists.openchainproject.org/g/sbom
Our website FAQ page contains resources to get help from our project staff: https://openchainproject.org/resources/faq
We would be delighted to work with you through our Education Work Group. You will find their mailing list here: https://lists.openchainproject.org/g/education
You are encouraged to open issues or pull requests online: https://github.com/OpenChain-Project/Reference-Material/issues
Most of the material in this repository is available under CC-0 licensing (effectively public domain). You will notice some exceptions with Guides (like the Telco SBOM Guide) and with case studies. These documents are not designed to be freely altered because they provide either guidance developed to consensus in our work groups, or the specific experience of companies in addressing compliance matters.