Skill
legalcode-open-source-license-compliance
Audit open-source software license compliance for any project or dependency inventory. Use when reviewing a software project for OSS license obligations before distribution, when assessing license compatibility in combined works, when evaluating copyleft obligations triggered by binary distribution or SaaS network use, when reviewing contributor license agreements (CLAs) and Developer Certificate of Origin (DCO) frameworks, when generating SBOM documentation to meet EO 14028 or EU CRA (Reg. 2024/2847) requirements, or when designing an enterprise open-source policy. Covers: license identification and classification (permissive / weak copyleft / strong copyleft / network copyleft); license compatibility analysis for combined works; attribution and NOTICE file requirements (MIT, Apache 2.0, BSD, GPL, AGPL); copyleft obligation triggers (distribution, static/dynamic linking, AGPL § 13 network use); patent grant and retaliation clause analysis (Apache 2.0 § 3, GPL v3 § 11); commercial distribution requirements; SaaS network use implications; CLA and DCO review; open-source policy framework development; SBOM generation requirements; dependency chain analysis for transitive obligations; and remediation strategies for license conflicts. Produces a compliance audit report with severity-classified findings and prioritized action items. Jurisdiction-agnostic with [JURISDICTION-SPECIFIC] markers for US, EU, Germany, and France.
Jurisdictions
Global
Install command
$ npx legalcode skill install legalcode-open-source-license-compliance