Common use of Software Compliance Clause in Contracts

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository repository. (if If needed a mirror can be put in place under the EGI organisation in GitHub14GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developersdevelopers, administrators administrators, and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository repository. (if If needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developersdevelopers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed Allow to provide grant unlimited access and exploitation rights to the EGI Federationupon request. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository repository. (if If needed a mirror can be put in place under the EGI organisation in GitHub14GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developersdevelopers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should Making the documentation to be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository repository. (if If needed a mirror can be put in place under the EGI organisation in GitHub14GitHub13.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developersdevelopers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed Allow to provide grant unlimited access and exploitation rights to the EGI Federationupon request. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators administrators, and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub16.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub11.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should Making the documentation to be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The licence should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The license should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators administrators, and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. e.g., MIT, BSD, Apache 2.0,, ...). ● Unless otherwise agreed, be licensed Allow to provide grant unlimited access and exploitation rights to the EGI Federationupon request. ● Have source code publicly available via a public source code repository repository. (if If needed a mirror can be put in place under the EGI organisation in GitHub14GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewingreviews. ○ Treating documentation as code. ○ Documentation should be available for Developersdevelopers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed Allow to provide grant unlimited access and exploitation rights to the EGI Federationupon request. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub16.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to The licence should provide unlimited access and exploitation rights to the EGI Federationcommunity. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators administrators, and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed Allow to provide grant unlimited access and exploitation rights to the EGI Federationupon request. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub16.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.