At Aqua, we develop leading open source security tools, which are widely adopted by the cloud native community and industry at large. To us, open sourcing our technology is more than just making its source code available, it’s about making the project widely used and encouraging people to participate. Beyond using a permissive Apache 2.0 license for this purpose, we are now changing our contributor license agreement (CLA) to make the contributing process available for everyone.
In the open source world, a project’s license covers the terms under which the software is made available to users. The license facilitates one way the software flows: from the project to its users. But what about the other way: from contributors to the project? This is where the CLA comes into play - to facilitate the terms under which contributions are made to the project.
Not every open source project has a CLA. In this case, the actual terms of contributions are left open for interpretation, which might depend on how and where the contribution was made, the license of the project, and other factors. CLAs aim to clarify this process by defining the terms under which intellectual property (IP) has been contributed to a project.
Previously, Trivy and CloudSploit were the only Aqua projects that had a CLA. We’ve received feedback that the specific terms of the CLA made it harder to contribute in some cases. Additionally, the former CLA was not corporate-friendly, so developers working for organizations that protect their employees’ IP found it difficult to contribute.
Further, our other projects (for example, Tracee and Starboard) didn’t have any CLAs, which was confusing for people who were contributing to several our projects.
Today, we are resolving these issues by simplifying our CLA, introducing a corporate CLA, and uniformly enforcing these changes across our open source portfolio.
We’d like to extend a huge thank you to all our open source contributors, and we hope that the changes in our CLA will be easy for new contributors who join. You’re welcome to check out our open source projects on GitHub.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.