Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section
Column
width100%
Panel
borderColor#0052CC
titleColorwhite
borderWidth0
titleBGColor#a3c1ad
borderStylesolid
HTML
<link href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap" rel="stylesheet">

<style>
  body, html {
    margin: 0;
    padding: 0;
  }

  .table-wrapper {
    width: 100%;
    overflow-x: auto;
    -webkit-overflow-scrolling: touch;
    background-color: #f9fbfd;
    padding: 0;
    margin: 0;
  }

  table.simple-table {
    width: 100%;
    border-collapse: collapse;
    font-family: 'Poppins', sans-serif;
    font-size: 12px;
    min-width: 600px;
    color: #2c3e50;
    background-color: white;
    border-radius: 8px;
    box-shadow: 0 3px 10px rgba(0,0,0,0.1);
  }

  table.simple-table th, table.simple-table td {
    border: 1px solid #e0e6ec;
    padding: 6px 8px;
    text-align: left;
  }

  table.simple-table thead {
    background-color: #3a79f7;
  }

  table.simple-table thead th {
    font-weight: 600;
    font-size: 12px;
    color: white !important;
    white-space: nowrap;
  }

  /* Značajno sužena prva kolona */
  table.simple-table th:first-child,
  table.simple-table td:first-child {
    width: 0.1%3%;
  }

  table.simple-table tbody tr:nth-child(even) {
    background-color: #f4f7ff;
  }

  table.simple-table tbody tr:hover {
    background-color: #dbe6ff;
  }

  table.simple-table tbody td:first-child {
    font-weight: 600;
    color: #1f3c88;
    white-space: nowrap;
  }
</style>

<div class="table-wrapper">
  <table class="simple-table">
    <thead>
      <tr>
        <th>Aspect</th>
        <th>Self-Assessed Dependencies</th>
        <th>Verified Dependencies</th>
        <th>Verified Software Licence</th>
        <th>Software Licence Assurance</th>
      </tr>
    </thead>
    <tbody>
      <tr>
        <td>Purpose</td>
        <td>Entry-level self-assessment of direct dependencies</td>
        <td>External verification of all dependencies, without requiring a licence</td>
        <td>Confirms appropriate licence choice and full compliance</td>
        <td>Mature, ongoing governance of licences and dependencies</td>
      </tr>
      <tr>
        <td>Suitable For / Scope</td>
        <td>Early-stage projects, internal tools, initial governance</td>
        <td>Projects nearing release without a licence; internal tools</td>
        <td>Software ready for public release, distributed or externally available</td>
        <td>Actively governed OSS projects committed to compliance</td>
      </tr>
      <tr>
        <td>Validation</td>
        <td>Developer self-assessment; no external validation</td>
        <td>Verified by Licence Management Team using SCA or equivalent</td>
        <td>Reviewed by Licence Management Team via SLA service or structured process</td>
        <td>Licence Management Team review following internal audit; ongoing monitoring</td>
      </tr>
      <tr>
        <td>Effort Level</td>
        <td>Low – basic analysis documenting direct dependencies</td>
        <td>Medium – full external dependency verification</td>
        <td>High – detailed analysis and artefact creation</td>
        <td>Very high – continuous governance and validation</td>
      </tr>
      <tr>
        <td>Licence Declaration</td>
        <td>Not required</td>
        <td>Not required</td>
        <td>Required</td>
        <td>Required, with full compliance framework</td>
      </tr>
      <tr>
        <td>Dependencies Coverage</td>
        <td>Direct only; transitive optional</td>
        <td>All, including transitive; mutually compatible licences</td>
        <td>All verified, compliant and compatible with chosen licence</td>
        <td>All validated through CI/CD integration</td>
      </tr>
      <tr>
        <td>Requirements</td>
        <td>Listed in Software Catalogue; identify direct dependencies; mutually compatible licences; no critical vulnerabilities or licence violations</td>
        <td>As left, extended to all dependencies</td>
        <td>As left, plus GÉANT-approved licence; correct artefacts; licence in documentation, Software Catalogue, repository metadata, and website</td>
        <td>As left, plus designated compliance officer; CI/CD-integrated SCA tools; licence monitoring; contributor onboarding; tool maintenance; audits; documented processes</td>
      </tr>
      <tr>
        <td>Artefacts</td>
        <td>Internal list of direct dependencies and licences; optional NOTICE or README</td>
        <td>SCA report listing licences and vulnerabilities</td>
        <td>As left, plus LICENSE, COPYRIGHT, README, NOTICE, CHANGELOG, CONTRIBUTING</td>
        <td>As left, plus compliance records; suggested SBOM</td>
      </tr>
      <tr>
        <td>Certification Process</td>
        <td>Submit notification</td>
        <td>Submit dependency report</td>
        <td>Submit after SLA review and artefact finalisation</td>
        <td>Provide repository access, documents, and audit evidence</td>
      </tr>
      <tr>
        <td>Governance & Maintenance</td>
        <td>Maintained by developers; occasional checks possible</td>
        <td>Maintained by developers; reviewed by Licence Management Team; occasional checks</td>
        <td>Maintained by developers; reviewed at certification; occasional checks</td>
        <td>Continuous maintenance; designated compliance officer; biennial audits; occasional checks</td>
      </tr>
      <tr>
        <td>Validity Period</td>
        <td>5 years (renewable)</td>
        <td>5 years (renewable)</td>
        <td>Indefinite (unless revoked)</td>
        <td>Indefinite (with biennial audits)</td>
      </tr>
      <tr>
        <td>Revocation Triggers</td>
        <td>Missing dependencies; licence conflicts; critical vulnerabilities; unresolved complaints; non-responsiveness</td>
        <td>As left, for all dependencies</td>
        <td>As left, plus unapproved licence changes; incorrect artefacts; non-compliance; distribution violations</td>
        <td>As left, plus outdated tools/processes/documents; ignored errors; failed audits; not maintained practices; misrepresentation of compliance</td>
      </tr>
      <tr>
        <td>Limitations</td>
        <td>Self-assessment only; not validated; no distribution permission; no licence selection</td>
        <td>No distribution permission; no licence selection</td>
        <td>Not a legal audit; excludes patents, export controls, and data protection</td>
        <td>Not a legal or security audit; unsuitable for prototypes; requires sustained adherence and collaboration</td>
      </tr>
    </tbody>
  </table>
</div>



...