Aaron Williamson

Every open source compliance program performs the same basic compliance processes, such as:

• evaluating new open source components for inclusion in projects
• review of products for open source compliance before release
• review of external open source contributions

In this meeting, we'll discuss the group discussed how best to capture the high-level functional requirements of common compliance tasks, with an eye toward documenting and standardizing them. We 'll look looked at two different ways to document a workflow for performing automated compliance checks via CI/CD:

• Example 1 is a written workflow drafted by Aaron Williamson for this discussion
• Example 2 is a workflow diagram produced by the OpenChain Open Source Tooling Group (and generated from source code written using the PlantUML diagram definition language)

Both examples refer to the functional components of open source compliance infrastructure documented in the diagram below and further explained in this glossary.