# Reference
This section contains reference materials needed to build an open source management system.
## Output Best Practice
This is a complete example of the output the agents produce at each stage.
Three profiles are provided, by organization size (startup / small business / large company).
Compare them with the contents of your output/ folder to find any missing items.
| Output | Responsible agent | Go to |
|---|---|---|
| Organization (role-definition, raci-matrix, appointment-template) | organization-designer | Organization Output |
| Policy (oss-policy, license-allowlist) | policy-generator | Policy Output |
| Process (usage-approval, distribution-checklist, vulnerability-response) | process-designer | Process Output |
| Education (curriculum, completion-tracker, resources) | training-manager | Education Output |
| Certification (gap-analysis, declaration-draft, submission-guide) | conformance-preparer | Certification Output |
## Contents to be covered (in preparation)
### Tool Guide
This is an in-depth guide to free open source tools.
| Tool | Content | Status |
|---|---|---|
| syft | Advanced SBOM creation | Preparing |
| cdxgen | Advanced CycloneDX conversion | Preparing |
| Dependency Track | Detailed vulnerability management settings | Preparing |
| OSV API | How to use vulnerability search | Preparing |
### License
| Document | Content | Status |
|---|---|---|
| License Compatibility Matrix | Compatibility between major licenses | Preparing |
| SKT Open Source License Guide | Detailed Obligations | Shortcut |
### Regulatory trends
| Regulation | Content | Status |
|---|---|---|
| EU CRA | Cyber Resilience Act summary | Preparing |
| US EO 14028 | Executive order mandating SBOMs | Preparing |
| Domestic trends | Status of government guidelines | Preparing |