Logo
Submit a request
Sign in
  1. TrustSource Knowledgebase
  2. Open Source Risk & Compliance Management

Open Source Risk & Compliance Management

In this section you will find backgrounds and general information on management of risks associated with the usage of open source components. Due to the legal risk associated with the usage and application open source compliance this topic is the main focus. Besides the conceptual and methodological background this section will guide you to links on the how-to documentations explaining how to achieve a given task or goals within TrustSource. If you already are familiar with the tasks associated while managing open source risks or compliance, please select any of the sections FAQ, how to (step-by-step explanations) or features explained.

Frequently asked questions

  • Q: Is it necessary to apply for an OSI-approved license to publish OSS?
  • Q: Are the license terms of a product unrelated to the license terms of OSS?
  • Q: Does the OSS disclaimer remain valid even if OSS is incorporated into the product?
  • Q: Is it possible to use the sample code published in OSS books?
  • Q: Can I use documents or diagrams on OSS for my product under the OSS license?
  • Q: Can I use it within my company, even if commercial use is prohibited?
See all 52 articles

TrustSource Concepts

  • How do projects and components relate?
  • Understanding the Concept of Approvals
  • Understanding the Concept of Releases
  • Understanding Policies / Allow & Deny Lists
  • Understanding the Concept of Infrastructure Modules

Manage vulnerabilities

  • The process of vulnerability management
  • Understanding vulnerability management
  • Working with the new Vulnerability Report

Manage legal compliance

  • Understanding the legal setup determining license suitability
  • Managing Allow- and Deny-Lists
  • Enforce Allow-listing
  • Creating an open source policy
  • Upload and distribute the policy to your organization
  • Invite colleagues and organizational members
See all 8 articles
TrustSource Knowledgebase