As open source software continues to proliferate in businesses and large enterprises, it gets ever harder to track exactly which components are in use and whether they are being used in compliance with their licenses. This is no small issue. Only a couple of years ago, Red Hat CEO Jim Whitehurst predicted that soon 100 percent of significant software platforms and applications would contain open source components. To help with that tracking and compliance work, The Linux Foundation has announced the availability of The Linux Foundation FOSS Bar Code Tracker. Here is how it works.
The FOSS Bar Code Tracker works via QR codes, which are increasing in popularity. Released as an open source project under the MIT license, the tracker auto-generates a custom QR code for each product. The QR code carries the details of the Free and Open Source Software (FOSS) stack that the product contains: component names, version numbers, license information and links to download the source code, among other data.
Using the tracker, product development teams can generate their own FOSS Bills of Materials, identify FOSS components included in each product, and share product information throughout the supply chain for compliance purposes.
SPDX (Software Package Data Exchange) provides a standardized way of expressing license information across the vendors in a supply chain. For companies that have adopted SPDX, or another standard format for describing open source components, the FOSS Bar Code Tracker loads the standard file and generates the QR code from it.
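As an added example, not the tracker's own code, here is a Python sketch of the loading step just described: it reads an SPDX 2.x tag-value document, keeps the fields a product QR code is meant to carry (component name, version, concluded license, download location), serialises them compactly and checks the result against the byte capacity of a single QR symbol. The sample SPDX document is constructed for this example; the product name and the SHA-256 integrity field are this example's own design choices, and rendering the payload as an image is left to a QR encoding library (not shown).

```python
"""Added example (not from the Linux Foundation FOSS Bar Code Tracker):
parse an SPDX 2.x tag-value file into a compact bill of materials and
check that the payload fits in one QR code.
"""
import hashlib
import json
from typing import Dict, List, Optional

# Constructed sample SPDX 2.x tag-value document with two packages.
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-product-1.0
DocumentNamespace: https://example.invalid/spdx/example-product-1.0

PackageName: zlib
SPDXID: SPDXRef-Package-zlib
PackageVersion: 1.2.11
PackageDownloadLocation: https://zlib.net/zlib-1.2.11.tar.gz
PackageLicenseConcluded: Zlib
PackageLicenseDeclared: Zlib
PackageCopyrightText: <text>Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler</text>

PackageName: openssl
SPDXID: SPDXRef-Package-openssl
PackageVersion: 1.1.1k
PackageDownloadLocation: https://www.openssl.org/source/openssl-1.1.1k.tar.gz
PackageLicenseConcluded: OpenSSL
PackageLicenseDeclared: OpenSSL
PackageCopyrightText: <text>Copyright (c) 1998-2021 The OpenSSL Project</text>
"""

# Capacity of the largest QR symbol (version 40) in byte mode at error
# correction level L. Anything bigger cannot be a single literal QR code.
QR_BYTE_MODE_MAX = 2953

# SPDX package tags we keep, mapped to short keys to save QR capacity.
WANTED_TAGS = {
    "PackageVersion": "version",
    "PackageDownloadLocation": "download",
    "PackageLicenseConcluded": "license",
}


def parse_spdx_packages(text: str) -> List[Dict[str, str]]:
    """Extract per-package fields from SPDX tag-value text.

    Each 'PackageName:' tag opens a new package and the tags that follow
    belong to it. Multi-line <text>...</text> values are skipped whole so a
    tag name appearing inside free text is never mistaken for a real tag.
    """
    packages: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    in_text = False
    for line in text.splitlines():
        if in_text:
            in_text = "</text>" not in line
            continue
        if ":" not in line or line.lstrip().startswith("#"):
            continue
        tag, _, value = line.partition(":")
        tag, value = tag.strip(), value.strip()
        if value.startswith("<text>") and "</text>" not in value:
            in_text = True
            continue
        if tag == "PackageName":
            current = {"name": value}
            packages.append(current)
        elif current is not None and tag in WANTED_TAGS:
            current[WANTED_TAGS[tag]] = value
    return packages


def build_qr_payload(spdx_text: str, product: str) -> str:
    """Serialise the BOM as compact JSON plus a SHA-256 of the source SPDX file.

    The digest lets whoever scans the label confirm that an SPDX document they
    are later handed is the one the label was generated from. This integrity
    field is this example's own design choice, not a documented tracker feature.
    """
    payload = {
        "product": product,
        "spdx_sha256": hashlib.sha256(spdx_text.encode("utf-8")).hexdigest(),
        "components": parse_spdx_packages(spdx_text),
    }
    return json.dumps(payload, separators=(",", ":"), sort_keys=True)


def fits_in_qr(payload: str, limit: int = QR_BYTE_MODE_MAX) -> bool:
    """True if the UTF-8 payload fits a single QR symbol of the given capacity."""
    return len(payload.encode("utf-8")) <= limit


if __name__ == "__main__":
    qr_payload = build_qr_payload(SAMPLE_SPDX, "example-product-1.0")
    print(qr_payload)
    size = len(qr_payload.encode("utf-8"))
    print(f"{size} bytes; fits in one QR symbol: {fits_in_qr(qr_payload)}")
```

The capacity check is the practical caveat: 2,953 bytes is the hard ceiling of the largest QR symbol, so a product with more than a few dozen components cannot carry its full bill of materials as literal QR data and must either split it across several codes or encode a link to the SPDX document together with a digest of it. Whichever form is chosen, a code scanned off a product label is untrusted input, so a consumer should validate any download link it contains rather than following it blindly.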