Categories

Threat Modeling / Other

Import Options

API Import

UI Import

Universal Importer (Pro)

File Types

XML

Integrations

OSS Review Toolkit (ORT)

OSS Review Toolkit (ORT) is an open-source policy automation and orchestration toolkit for managing software dependencies throughout the software development lifecycle. It performs software composition analysis, license compliance verification, security vulnerability scanning, and copyright detection across projects that use over 20 package managers, including Maven, Gradle, npm, pip, and Cargo. The platform combines modular tools, including an analyzer for dependency mapping, a scanner for license and copyright detection, an evaluator for policy enforcement, and a reporter for generating SBOMs in CycloneDX and SPDX formats. Together these let organizations automate Free and Open Source Software (FOSS) compliance checks, create source code archives, curate package metadata, and enforce customizable policy rules by integrating into CI/CD pipelines and development workflows.
