ClearlyDefined: recapping a year of progress and sharing a vision for 2024

At the beginning of 2023, I started as a community manager for ClearlyDefined, with the goals of creating an open governance model for the project and helping the OSI to establish a neutral infrastructure to foster collaboration among multiple stakeholders. Thanks to the amazing work from our community members, a lot of progress has been made in 2023, but there’s still a lot of work ahead of us. In this post, we would like to highlight some milestones achieved this past year and acknowledge some individuals who have contributed to the project. We would also like to share a vision for 2024 and invite all organizations who care about the Open Source supply chain to become involved.

ClearlyDefined is an Open Source project and service that aims to serve as a global database of licensing metadata for every software component ever published. It was originally developed and used by Microsoft and it’s now in use at companies like GitHub, SAP, and Bloomberg, as well as Open Source projects like the Linux Foundation’s GUAC and ORT (OSS Review Toolkit). At the beginning of 2023, Open Source Initiative took over as community steward of the project.

In the first quarter, outstanding work was developed by Manny Martinez (Microsoft) in collaboration with Qing Tomlinson (SAP) to optimize ClearyDefined’s back-end, particularly the database. This work has resulted in a 10-fold decrease in terms of database size and costs.

In the second quarter, GitHub added 17.5 million package licenses sourced from ClearlyDefined to their database, expanding the license coverage for packages that appear in dependency graph, dependency insights, dependency review, and a repository’s software bill of materials (SBOM).

In the third quarter, we saw greater collaboration between GitHub and SAP spearheaded by E. Lynette Rayle and Qinq Tomlinson. They are making improvements to the documentation and  process of running a local ClearlyDefined harvest and sharing the licensing metadata with other harvesters.

In the fourth quarter, we saw various members currently using ClearlyDefined and new members alike coming together to create a unified vision for the project. Thomas Steenbergen, co-founder of ClearlyDefined and ORT, has come forward to help lead this effort. Key goals for ClearlyDefined in 2024 include:

• Publishing periodic releases and switching to semantic versioning
• Bringing dependencies up to date (in particular using the latest scancode)
• Improving the NOASSERTION/OTHER issue (please check this analysis by Aleksandrs Volodjkins to learn more)
• Advancing usability and the curation process through the UI 
• Enhancing the documentation and process for creating a local harvest

ClearlyDefined’s mission is to help organizations to collaboratively achieve accurate licensing metadata (oftentimes part of SBOMs) at scale, for each stage on the supply chain, for every build or release. If your organization is interested in achieving better compliance and security of the Open Source supply chain, please consider joining ClearlyDefined. We are still working to consolidate a roadmap for 2024, and this is a great time to join the project and learn more about how ClearlyDefined can help your organization.