Open Source Compliance Tools
SPDX expression validators, license compatibility checkers, CycloneDX SBOM validators, and supply chain reference tools that run entirely in your browser.
🔒 Browser-only — no data sent
⚡ Zero account required
📦 10 free tools
SPDX Expression Validator (spdx)
Validate SPDX license expression syntax: the AND, OR and WITH operators, parentheses, and LicenseRef identifiers.

License Compatibility Checker (licensing)
Check whether two open source licenses are compatible for your use case.

CycloneDX SBOM Validator (sbom)
Validate CycloneDX SBOM structure against the v1.4 and v1.5 JSON schemas.

SLSA Level Reference (supplychain)
Look up SLSA level requirements, the provenance format, and implementation guidance.

npm License Auditor (licensing)
Audit npm package licenses for compliance risk before adding dependencies.

REUSE Compliance Checker (spdx)
Validate that file headers carry SPDX-FileCopyrightText and SPDX-License-Identifier tags in the format the REUSE specification requires.

OSI License Reference (licensing)
Search all OSI-approved licenses with license type, GPL compatibility, and patent clause status.

Go Module Path Validator (supplychain)
Validate Go module paths and check major version suffix requirements.

Supply Chain Risk Reference (supplychain)
Reference guide to software supply chain attack types, mitigations, and tooling.

SBOM Format Comparator (sbom)
Compare the CycloneDX and SPDX SBOM formats against NTIA minimum-element, EU CRA, and VEX requirements.
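Added example for the SPDX Expression Validator entry above: a syntax validator for SPDX license expressions, written here for illustration and not the code of the tool on this page. It implements the SPDX 2.x Annex D grammar (idstring, LicenseRef- and DocumentRef- references, the "+" suffix, WITH, then AND, then OR, from tightest to loosest binding) and renders the parse with every operator parenthesized, so a precedence mistake such as reading "MIT AND Apache-2.0 OR GPL-2.0-only" as "MIT AND (Apache-2.0 OR GPL-2.0-only)" becomes visible. Two assumptions: operators are matched case-sensitively, and identifiers are not checked against the SPDX License List, which a complete validator must also do. The sample expressions at the bottom are constructed.

```python
"""Syntax validator for SPDX license expressions (SPDX 2.x Annex D grammar).
Added example, not the page's tool.  Grammar only: identifiers are NOT looked
up in the SPDX License List (assumption: that step is omitted here)."""
import re

IDSTRING = r"[A-Za-z0-9.-]+"      # idstring = 1*(ALPHA / DIGIT / "-" / ".")
OPERATORS = {"AND", "OR", "WITH"}  # matched case-sensitively (assumption)
TOKEN_RE = re.compile(
    r"\s+|(?P<paren>[()])"
    rf"|(?P<ref>(?:DocumentRef-{IDSTRING}:)?LicenseRef-{IDSTRING})"
    rf"|(?P<id>{IDSTRING}\+?)|(?P<bad>.)"
)


class SPDXExpressionError(ValueError):
    """Malformed expression; the message carries the character offset."""


def tokenize(expr):
    """Return (kind, text, offset) tuples; kind is paren, ref, id or end."""
    tokens = []
    for m in TOKEN_RE.finditer(expr):
        kind, text = m.lastgroup, m.group()
        if kind is None:                      # whitespace
            continue
        if kind == "bad":
            raise SPDXExpressionError(f"unexpected character {text!r} at offset {m.start()}")
        if kind == "id" and text.startswith(("LicenseRef-", "DocumentRef-")):
            raise SPDXExpressionError(f"malformed license reference {text!r} at offset {m.start()}")
        tokens.append((kind, text, m.start()))
    tokens.append(("end", "", len(expr)))
    return tokens


class Parser:
    """Recursive descent; precedence from tightest to loosest: "+", WITH, AND, OR."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def take(self):
        self.i += 1
        return self.toks[self.i - 1]

    def at_op(self, name):
        kind, text, _ = self.toks[self.i]
        return kind == "id" and text == name

    def parse(self):
        node = self.parse_or()
        kind, text, pos = self.toks[self.i]
        if kind != "end":
            raise SPDXExpressionError(f"unexpected {text!r} at offset {pos}")
        return node

    def parse_or(self):
        left = self.parse_and()
        while self.at_op("OR"):
            self.take()
            left = ("OR", left, self.parse_and())
        return left

    def parse_and(self):
        left = self.parse_with()
        while self.at_op("AND"):
            self.take()
            left = ("AND", left, self.parse_with())
        return left

    def parse_with(self):
        node, simple = self.parse_primary()
        if self.at_op("WITH"):
            pos = self.take()[2]
            if not simple:                    # grammar: simple-expression WITH exception-id only
                raise SPDXExpressionError(f"WITH at offset {pos} must follow a single license, not a group")
            kind, text, pos = self.take()
            if kind != "id" or text in OPERATORS or text.endswith("+"):
                raise SPDXExpressionError(f"expected exception identifier at offset {pos}")
            node = ("WITH", node, text)
        return node

    def parse_primary(self):
        kind, text, pos = self.take()
        if kind == "paren" and text == "(":
            node = self.parse_or()
            ckind, ctext, cpos = self.take()
            if (ckind, ctext) != ("paren", ")"):
                raise SPDXExpressionError(f"expected ')' at offset {cpos}")
            return node, False                # a parenthesized group is not a simple-expression
        if kind == "ref" or (kind == "id" and text not in OPERATORS):
            return (kind.upper(), text), True
        raise SPDXExpressionError(f"expected license identifier at offset {pos}, got {text or 'end of expression'!r}")


def to_explicit(node):
    """Render the tree with every operator parenthesized, exposing the precedence."""
    if node[0] in ("ID", "REF"):
        return node[1]
    right = node[2] if node[0] == "WITH" else to_explicit(node[2])
    return f"({to_explicit(node[1])} {node[0]} {right})"


def validate_spdx_expression(expr):
    """Return (True, fully parenthesized form) or (False, error message)."""
    try:
        return True, to_explicit(Parser(tokenize(expr)).parse())
    except SPDXExpressionError as e:
        return False, str(e)


if __name__ == "__main__":
    # Constructed sample expressions, valid and invalid.
    for expr in ["MIT AND Apache-2.0 OR GPL-2.0-only",
                 "GPL-2.0-or-later WITH Classpath-exception-2.0",
                 "(MIT OR Apache-2.0) AND DocumentRef-acme-sbom:LicenseRef-ACME-EULA",
                 "MIT AND", "LicenseRef-Foo+", "(MIT) WITH Classpath-exception-2.0"]:
        print(f"{expr!r}: {validate_spdx_expression(expr)}")
```

Run it as a script to see each sample accepted with its parenthesized form or rejected with an offset. The rejection of `LicenseRef-Foo+` is deliberate: the grammar allows the "+" suffix only on license-list identifiers, not on LicenseRef references, and a checker that tokenizes both with the same pattern will silently accept it.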
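Added example for the Go Module Path Validator entry above, also Python and also not the page's own tool: it checks a module path's element syntax and the major version suffix rule that the go command enforces (a `/vN` suffix is required for major versions 2 and up, forbidden for v0 and v1, and `gopkg.in` paths use `.vN` instead), then checks that the suffix agrees with a given semantic version, including the `+incompatible` escape for pre-modules v2+ tags. The rules are reproduced from my reading of the go command's module path checks; treating this as a faithful copy of every corner case is an assumption. All paths and versions in the demo are constructed.

```python
"""Validator for Go module paths and their major version suffix.
Added example, not the page's tool.  Mirrors the go command's module path
rules as I understand them (assumption: corner cases may differ)."""
import re

ELEMENT_CHARS = re.compile(r"[A-Za-z0-9._~-]+")   # any path element
FIRST_CHARS = re.compile(r"[a-z0-9.-]+")           # leading (domain-like) element, lowercase only
WINDOWS_RESERVED = ({"con", "prn", "aux", "nul"}
                    | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)})


def split_path_version(path):
    """Split a module path into (prefix, major_suffix, ok).

    /vN is required for N >= 2 and forbidden for v0/v1, so /v1, /v0, /v02 and
    /v2.0 are all invalid suffixes; gopkg.in paths must always end in .vN.
    """
    if path.startswith("gopkg.in/"):
        m = re.search(r"\.v(\d+)$", path)
        if not m or (m.group(1) != "0" and m.group(1).startswith("0")):
            return path, "", False
        return path[:m.start()], m.group(0), True
    m = re.search(r"/v([0-9.]+)$", path)
    if not m:
        return path, "", True                       # no suffix: correct for v0/v1
    digits = m.group(1)
    if "." in digits or digits.startswith("0") or digits == "1":
        return path, "", False
    return path[:m.start()], m.group(0), True


def check_module_path(path):
    """Return None if path is a valid module path, otherwise an error message."""
    if not path:
        return "empty module path"
    if path.startswith("/") or path.endswith("/") or "//" in path:
        return "empty path element (leading, trailing or doubled slash)"
    elements = path.split("/")
    first = elements[0]
    if "." not in first:
        return "missing dot in first path element"
    if first.startswith("-"):
        return "leading dash in first path element"
    if not FIRST_CHARS.fullmatch(first):
        return f"invalid character in first path element {first!r}"
    for elem in elements:
        if not ELEMENT_CHARS.fullmatch(elem):
            return f"invalid character in path element {elem!r}"
        if elem.startswith(".") or elem.endswith("."):
            return f"path element {elem!r} begins or ends with a dot"
        if elem.split(".", 1)[0].lower() in WINDOWS_RESERVED:
            return f"path element {elem!r} is a reserved Windows file name"
        if re.search(r"~\d+$", elem):
            return f"path element {elem!r} looks like a Windows short name"
    if not split_path_version(path)[2]:
        return f"invalid major version suffix in {path!r}"
    return None


def check_path_for_version(path, version):
    """Check that the path's major version suffix agrees with a semantic version."""
    err = check_module_path(path)
    if err:
        return err
    m = re.match(r"v(\d+)\.\d+\.\d+", version)      # deliberately minimal semver parse
    if not m:
        return f"malformed version {version!r}"
    major = int(m.group(1))
    suffix = split_path_version(path)[1]
    if path.startswith("gopkg.in/"):
        expected = f".v{major}"
    elif major >= 2:
        expected = f"/v{major}"
    else:
        expected = ""
    if suffix == expected:
        return None
    if expected and suffix == "" and version.endswith("+incompatible"):
        return None                                 # pre-modules v2+ tag without a suffix
    return f"version {version!r} needs module path suffix {expected!r}, got {suffix!r}"


if __name__ == "__main__":
    # Constructed sample module paths and versions.
    for path, ver in [("github.com/example/project", "v1.4.0"),
                      ("github.com/example/project", "v2.0.0"),
                      ("github.com/example/project/v2", "v2.0.0"),
                      ("github.com/example/project/v1", "v1.0.0"),
                      ("gopkg.in/yaml.v3", "v3.0.1")]:
        print(f"{path} @ {ver}: {check_path_for_version(path, ver) or 'ok'}")
```

The version check matters for supply-chain hygiene as much as for build correctness: a `v2.0.0` tag on a module whose path lacks `/v2` is rejected by the go command, and a registry or proxy that accepts such a pair can serve a module under an identity nobody can actually import.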