OSS License Audit and Remediation Plan for a Series-B Dev-Tools Startup
Overview
What this challenge is about.
- Receive an SBOM (Software Bill of Materials) in CycloneDX JSON from the build pipeline, covering 14 services and 3 SDKs.
- Run automated classification (Syft + ScanCode or FOSSA), then manually review the top 80 risk items.
- Identify AGPL in customer-facing SDKs, GPL static linking, custom or unknown licenses, and CLA-incompatible dependencies.
- Produce a policy stating which licenses are allowed where (SDK vs. service vs. internal tool), and a 60-day remediation plan (replace, dual-license, request relicensing, accept-with-exception).
- Deliver: a 16-page audit, a 6-page OSS license policy, a 60-day plan with named owners, and an acquirer-friendly summary memo.
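One way to mechanise the classification step above, as an added example that is not part of the challenge or of any tool it names: a small Python audit that reads CycloneDX JSON components and grades each one against a per-context allow-list, so the worst items surface first for manual review. The policy sets, verdict labels, component names and the SBOM fragment are constructed for this example, and SPDX expression handling is simplified (top-level AND/OR only, no nested parentheses).

```python
import json
# Constructed policy (an assumption for this example, not the page's own): SPDX ids
# allowed per deployment context. Copyleft is acceptable in internal tools only.
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}
POLICY = {
    "sdk": PERMISSIVE,
    "service": PERMISSIVE | {"LGPL-2.1-only", "MPL-2.0"},
    "internal": PERMISSIVE | {"LGPL-2.1-only", "MPL-2.0", "GPL-2.0-only", "AGPL-3.0-only"},
}
SEVERITY = {"agpl-blocked": 0, "unknown-license": 1, "needs-review": 2, "allowed": 3}

def component_licenses(comp):
    # SPDX id, SPDX expression, or a free-text name (custom license) tagged UNKNOWN
    out = []
    for entry in comp.get("licenses", []):
        lic = entry.get("license", {})
        out.append(entry.get("expression") or lic.get("id") or "UNKNOWN:" + lic.get("name", "?"))
    return out or ["UNKNOWN:none declared"]

def classify(expr, allowed):
    """Verdict for one license string. In 'A OR B' the consumer picks, so one allowed
    alternative suffices; in 'A AND B' every conjunct must be allowed (no nested parens)."""
    if expr.startswith(("UNKNOWN:", "LicenseRef-")):
        return "unknown-license"
    conjuncts = [c.strip("() ") for c in expr.split(" AND ")]
    if all(any(a.strip() in allowed for a in c.split(" OR ")) for c in conjuncts):
        return "allowed"
    if "AGPL" in expr:
        return "agpl-blocked"  # network copyleft: blocked wherever the policy omits it
    return "needs-review"      # e.g. GPL in an SDK: a human checks static vs dynamic linking

def audit(sbom, context):
    # Findings for every component, worst verdict first, under the policy for `context`
    findings = []
    for comp in sbom.get("components", []):
        lics = component_licenses(comp)
        verdict = min((classify(l, POLICY[context]) for l in lics), key=SEVERITY.get)
        findings.append({"name": comp["name"], "licenses": lics, "verdict": verdict})
    return sorted(findings, key=lambda f: SEVERITY[f["verdict"]])

# Constructed CycloneDX 1.5 fragment standing in for one SDK's pipeline SBOM.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"name": "payments-sdk", "type": "library"}},
 "components": [
  {"name": "tiny-pad", "version": "1.3.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"name": "pdf-render-engine", "version": "2.0.1", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
  {"name": "dual-lib", "version": "0.9.0", "licenses": [{"expression": "GPL-2.0-only OR MIT"}]},
  {"name": "compress-native", "version": "3.1.0", "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
  {"name": "mystery-util", "version": "0.0.3"},
  {"name": "vendor-blob", "version": "4.2.0", "licenses": [{"license": {"name": "Acme EULA"}}]}]}""")
```

Running `audit(SAMPLE_SBOM, "sdk")` puts the AGPL component first, the two components with no SPDX id next, and the GPL-only component in the review queue, while the same SBOM audited as "internal" clears both copyleft components.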
The Brief
What you'll do, and what you'll demonstrate.
Audit 1,400 OSS dependencies for license risk and produce an acquirer-ready remediation plan executable in 60 days.
Earning criteria — what you'll demonstrate
- Read and classify OSS licenses against use context (SDK vs. service)
- Operate SBOM tooling end-to-end (CycloneDX + Syft)
- Design a license policy that engineers can apply in PR review
- Produce a diligence-ready remediation plan a CFO can defend
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.