UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
Build Trust, Ensure Compliance, and Strengthen Open Source Impact
GÉANT provides a structured certification scheme to help software development teams manage licensing, dependencies, and related risks throughout the project lifecycle. Whether your software is internal, unpublished, or openly distributed, these certificates offer clarity, traceability, and assurance.
Why Certify?
Mitigate risk early by identifying licensing, dependency, and compliance issues.
Ensure compliance with the GÉANT IPR Policy and open-source standards.
Prepare for distribution by validating licence compatibility, completeness, and transparency.
Build trust with users, contributors, and stakeholders.
Enable reuse and collaboration with verified, clear legal and metadata artefacts, and internal processes.
Available Certificates
Self-Assessed Dependencies
For early-stage or internal projects. Confirms that direct dependencies are identified and reviewed for critical vulnerabilities and mutual licence compatibility.
Self-assessment is manual or performed using a Software Composition Analysis (SCA) tool. Use of the GÉANT SCA service is encouraged.
A lightweight, scalable entry into licence governance, with focus on direct dependencies.
Verified Dependencies
For code not yet distributed or licensed. Confirms that all dependencies (both direct and transitive) are externally verified for licences and vulnerabilities.
Suitable for internal tools or teams preparing to declare a licence.
Provides stronger assurance than self-assessment but does not cover the project’s licence. Ideal preparation for distribution.
Verified Software Licence
For projects ready for distribution. Confirms that the licence has been selected, declared, and is compatible with all components.
Requires a completed Software Licence Analysis (SLA) or equivalent.
Enables compliant, low-risk public releases.
Software Licence Assurance
For actively maintained, publicly distributed projects with consistent governance. Confirms ongoing compliance supported by policies, tools, and monitoring.
Suitable for individual software projects, branded services, or groups of products.
Validates licence compliance processes and operational maturity.
OSS Community Champion (forthcoming)
For projects demonstrating sustained leadership and open-source excellence. Recognises transparency, community engagement, and transparent governance.
May be issued to individual projects or branded groups.
Signals credibility and influence. Enhances visibility through GÉANT outreach.
How to Get Certified
Select the certificate matching your project’s stage
Gather and assess information about your dependencies and licence(s)
Use the GÉANT SCA service or equivalent tools (for dependencies-focused certificates)
Complete the checklist or SLA review (for licence-oriented certificates)
Request certification via the GÉANT software governance support channel
Each certification level builds on the previous one, forming a clear path from basic risk management with Self-Assessed Dependencies to full licence governance.