OSSReceipt
OSSReceipt is an open-source compliance tracker that generates “audit-ready” evidence for your software supply chain. It scans your repositories and build artifacts to create a signed, time-stamped record of dependencies, licenses, notices, and policy decisions, then bundles that record into a simple compliance packet you can hand to customers, procurement, or legal. Unlike heavyweight GRC tools, it focuses on the painful last mile: producing consistent, repeatable proof (SBOM + notices + exceptions + approvals) for each release. It supports GitHub/GitLab CI, container images, and common package ecosystems, and keeps a history of what changed between releases. It’s realistic about its limits: it won’t magically interpret every edge-case license, but it will make your process defensible, faster, and less error-prone. Monetization options include hosted SaaS, enterprise support, and private policy packs, with the core kept open source.