Introduction

Double Open aims to automate open source compliance for the Yocto Project.

Overview

Below is a high-level overview of the compliance workflow:

sequenceDiagram
  autonumber

  Build Environment ->> Build Environment: Build the product with Yocto, create SPDX Document for the product
  Build Environment ->> Fossology: Upload source archives of the open-source components
  Fossology ->> Fossology: Scan the source for license and copyright data
  Build Environment ->> Fossology: Query for license and copyright data with file hash values
  Fossology ->> Build Environment: Return license and copyright data for the files
  Build Environment ->> Build Environment: Populate SPDX Document with the license and copyright data
  Build Environment ->> Build Environment: Convert SPDX Document to ORT's data format
  Build Environment ->> Build Environment: Evaluate compliance with ORT's Evaluator
  Build Environment ->> Build Environment: Create notice file and report with ORT's Reporter