Open Source compliance and licensing

Annalie te Hofste • 13 June 2025

Description

Simpl-Open shall ensure full compliance with open source licensing obligations for all reused or third-party components. This includes the automated generation of third-party licence documents, clear attribution of derivative code, and proper handling of multiple licence schemes (e.g., Apache 2.0, EUPL 1.2). The objective is to guarantee legal clarity, traceability, and alignment with open-source best practices.

SMART Breakdown

  • Specific: Simpl-Open shall define the actions required to ensure legal compliance for open-source reuse, including licence file generation, attribution in source code and documentation, and enforcement of licence compatibility policies.
  • Measurable: Success will be measured by the percentage of relevant projects with correctly generated THIRD_PARTY_LICENSES files, clear licensing declarations in README, LICENSE, and POM.xml, and compliance reports confirming traceability.
  • Achievable: These goals are achievable using the license-maven-plugin, standard licence templates (e.g., Freemarker), and CI integration to automate verification and generation during build pipelines.
  • Realistic: Open-source compliance is a widespread requirement in both public and private sector software projects. It can be implemented incrementally and automated for long-term maintainability.
  • Timely: The initiative shall be implemented across identified modules before their public release, with automation integrated into the build lifecycle. Compliance should be continuously monitored as part of CI/CD workflows.

 

Detailed 

Non-Functional Requirement

Issue ID: SIMPL-12374

Status: Proposed

 
