Interested in open source license and security compliance? Join us for a one-day workshop for developers and users of open source compliance tools on Friday, January 30th, 2026 in Brussels just before FOSDEM 2026.

Our goal is for open source developers, users, and contributors to exchange requirements, plans, and collaboration opportunities around FOSS tools for software provenance detection, vulnerability management, license detection and regulatory compliance like CRA, code scanning, package dependency analysis, container analysis, SBOM creation and consumption, and license or vulnerability databases - basically, all the tools you need to figure out which FOSS code you use, where it is from, what is its license, how to comply with the license, and whether it contains vulnerable code.

Previous attendees include developers from ORT, ScanCode, ClearlyDefined, FOSSology, Tern, FSFE REUSE, SW360, BANG, Hermine, Opossum, SPDX tools, DoubleOpen, OpenChain, and AboutCode projects along with users from leading technology and industrial companies, open source foundations, and government institutions worldwide. Whether you are a developer or user interested in the tools for Software Supply Chain and SBOMs, a FOSS license-savvy lawyer, a compliance or security analyst, or an OSPO member: you will be warmly welcomed.

Schedule – All times CET (UTC+1)

The day will be split in two:
1) The morning will focus on tool developers to announce and share their plans, and discuss opportunities for collaboration across projects.
2) The afternoon will focus on tool users to share their concerns, problems and requirements, and address these in the represented projects.

8:30 Registration with coffee and light breakfast

9:00 Welcome and introductions

9:30 FOSS compliance tool developers, present your plans!

Each open source project will present their plans for releases and upcoming features with a 5 minute lightning talk.
We likely already know what your tool does, though a short intro is OK. We will use flip charts, big post-its, and markers to support the presentations and discussions – there will not be a projector/beamer, so do not plan for it.

11:15 Discuss collaboration opportunities

How can we work together to overcome shared challenges, and make tools interoperable and compatible so we can deliver better value to all our users?

12:15 Lunch break

This is funded by attendees and our generous sponsors!

13:15 FOSS compliance tool users, give us your requirements!

Each user presents their concerns, problems and requirements

15:00 Coffee break

15:30 Discuss collaboration and joint development opportunities

16:30 Workshop conclusion and recap

17:00 Drinks at rooftop bar (inside)

Any questions? Email adam@aboutcode.org.


Everyone attending the workshop is expected to follow the AboutCode Code of Conduct: https://github.com/aboutcode-org/workshop/blob/main/CODE_OF_CONDUCT.rst