Build System Integration

QMSTR integrates into build systems to learn about the software products, their sources and dependencies.

DevOps CI/CD

Quartermaster integrates into DevOps CI/CD cycles and makes FOSS Compliance a quality metric for developers.

Command line toolchain

Developers can run QMSTR locally to verify outcomes, review problems, or integrate it into test suites.

Open Compliance Program

Quartermaster collaborates with the SPDX and OpenChain projects to streamline and complement the Open Compliance Program.

Powerful Integrations

Quartermaster provides APIs and hooks for free and commercial tools to perform analysis and implement metrics.

Free as in Freedom

Critical FOSS Compliance infrastructure needs to be FOSS, and collaboratively developed. That is why Quartermaster is distributed under a strict copyleft FOSS license.

Recent posts

Learn more about Quartermaster and FOSS Compliance tooling.

Quartermaster Sprint 4.1 Development Report: Go, Java and Python integration libraries

on February 20, 2019

The key goal of QMSTR milestone 4 is to stabilize the APIs and streamline the documentation and tutorials to prepare the integration with the development work that takes place in the FASTEN project and in ACT. To prepare for that, sprint 4.1 focused on refactoring the integration libraries for Go, Java and Python that developers use to create QMSTR modules and client-side tools. These libraries help users to create diverse sets of modules and client-side code to fit their needs, and facilitate the integration with various services like CI/CD environments.


Quartermaster Milestone 3 Development Report: C++, Linux, CCache

on February 7, 2019

Version 0.3 of Quartermaster was tagged on February 1, 2019. It includes improvements that allow, for example, the Linux kernel, glibc and openssl to be used as projects under analysis. It delivers support for snapshots of the knowledge graph, which allows rolling back changes to a known state, as well as support for source code in assembly language. It improves the support for ccache, ar, ld and objcopy, and for analyzing source code elements that are generated during the build and are not part of the original source code package. Quartermaster is Free and Open Source software and is developed under a collaborative open governance model. As usual, the source code is available on GitHub. Read more for all the details on the new release.


Quartermaster Milestone 2 Development Report: Python client modules, SPDX, more automation

on August 8, 2018

After another quarter of intense software development, we are proud to announce the availability of Quartermaster v0.2. Quartermaster is a toolchain that automates the analysis and documentation of Open Source license compliance. Software vendors - businesses as well as Open Source communities - deploy Quartermaster in their build pipelines to create compliance documentation while software packages are being created. With the new version, Quartermaster learns to ingest SPDX formatted source code manifests, adds a client library for developing analyzer or reporter modules in the Python programming language, adds support for running multiple build processes on the same hardware concurrently, and much more. Quartermaster is Free and Open Source software and is developed under a collaborative open governance model. Get the source code from GitHub while it is hot! Read more for all the details on the new release.


Quartermaster Milestone 1 Development Report: Voilà, a modular, extendable FOSS Compliance Toolchain

on April 25, 2018

Version 0.1 is here. After a proof-of-concept, plenty of drafting, feedback and discussions, a prototype, and finally three months of development focused on creating a useful product, we are tagging a first version of Quartermaster. The theme of the first version was to implement the toolchain basics: the compliance knowledge graph, the master container, the elemental workflow with a construction, analysis and reporting phase, and the APIs for modules to interact with the knowledge graph in each of these phases. There are public showcases that demonstrate the functionality implemented so far. After gathering functional and legal requirements, the team will now move on to milestone 2, where we will focus on making use of the building blocks from the first version to implement badly needed functions for generating license compliance documentation - an SPDX manifest analyzer, integration with Fossology, and features to aggregate analysis results from different sources into reports.
