The Light profile captures the minimum set of information required for license compliance in the software supply chain. This profile contains information about the creation of the SBOM, package lists with licensing and other related items, and the relationships between them.
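As an added illustration that is not part of this page or of the SPDX specification itself, the block below builds a constructed, minimal SPDX 3.0-style JSON-LD document holding the three kinds of information just named (creation info, packages with licenses, relationships) and runs the check a compliance reviewer would want first: which packages carry no declared license. The field and type names are assumed from the SPDX 3.0 model, and all identifiers are made-up sample values.

```python
import json

# Constructed sample document (not real project data). Field and type names
# (software_Package, Relationship, hasDeclaredLicense, ...) are assumed from
# the SPDX 3.0 model; the urn:example:* identifiers are placeholders.
SBOM_JSON = json.dumps({
    "@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld",
    "@graph": [
        # 1. Creation information: who/what produced the SBOM and when.
        {"type": "CreationInfo", "@id": "_:ci", "specVersion": "3.0.1",
         "created": "2024-01-01T00:00:00Z", "createdBy": ["urn:example:tool"]},
        # 2. Package list and the license expression used by one of them.
        {"type": "software_Package", "spdxId": "urn:example:pkg-a",
         "name": "liba", "creationInfo": "_:ci"},
        {"type": "software_Package", "spdxId": "urn:example:pkg-b",
         "name": "libb", "creationInfo": "_:ci"},
        {"type": "simplelicensing_LicenseExpression", "spdxId": "urn:example:lic-mit",
         "creationInfo": "_:ci", "simplelicensing_licenseExpression": "MIT"},
        # 3. Relationship tying a package to its declared license.
        #    pkg-b deliberately has no such relationship.
        {"type": "Relationship", "spdxId": "urn:example:rel-1", "creationInfo": "_:ci",
         "relationshipType": "hasDeclaredLicense",
         "from": "urn:example:pkg-a", "to": ["urn:example:lic-mit"]},
    ],
})


def missing_declared_licenses(doc_json: str) -> list[str]:
    """Return the spdxIds of packages that have no hasDeclaredLicense
    relationship pointing at a license element. These are the gaps a
    license-compliance review has to resolve before the SBOM is usable."""
    graph = json.loads(doc_json)["@graph"]
    packages = {e["spdxId"] for e in graph if e.get("type") == "software_Package"}
    declared = set()
    for e in graph:
        if (e.get("type") == "Relationship"
                and e.get("relationshipType") == "hasDeclaredLicense"
                and e.get("to")):               # an empty "to" declares nothing
            declared.add(e["from"])
    return sorted(packages - declared)


def packages_without_creation_info(doc_json: str) -> list[str]:
    """Return spdxIds of packages that do not reference a CreationInfo entry."""
    graph = json.loads(doc_json)["@graph"]
    return sorted(e["spdxId"] for e in graph
                  if e.get("type") == "software_Package" and not e.get("creationInfo"))


if __name__ == "__main__":
    print("packages without a declared license:", missing_declared_licenses(SBOM_JSON))
    print("packages without creation info:", packages_without_creation_info(SBOM_JSON))
```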
Definition
Personas
This profile may be produced and consumed by everyone involved in the practical work of license compliance, such as:
- Developers and engineers
- Procurement personnel
- Sales personnel
- Quality assurance personnel
- Legal/Intellectual Property personnel
- Auditor personnel
- Executives and managers
Use Cases
Compliance and Licensing
Checking the license compliance status of the software components of software products or projects and changing or adding licenses as needed. This use case is intended for developers, engineers, procurement staff, legal and IP staff, etc.
Quality
Checking the license compliance status and the quality of software products. The quality assurance team can verify whether the products meet the license criteria and report any issues.
Audit
Auditing the license compliance status of software products or projects. Auditors can understand the types and numbers of licenses, the associated risks and obligations, and propose appropriate measures.
Remediation
Addressing license violations or improper use in software products or projects. The remediation team can select the appropriate package.
Sales
Providing the license compliance information of software products to customers. The sales staff can communicate the types and numbers of licenses, the associated risks and obligations, increase the customers’ trust, and facilitate the sales process.
Strategy
Getting an overview of the license compliance status of all projects in the organization. Executives and managers can analyze costs, risks, competitiveness, etc., and make strategic decisions.
Benefits
- This is a compact profile that can be applied to a wide range of project types.
- Even entities in the supply chain that are not familiar with SBOM tools can work with the Software Bill of Materials.
- This profile enables information to be manually compared and verified against what was recorded in earlier versions of SPDX item descriptions.
- By combining with other profiles, it is also possible to meet requirements such as NTIA minimum elements.