Open source use guidance

This is a summary of how we approach using open source at Microsoft.

Using open source in Microsoft is encouraged. Building on the efforts of others allows us to create meaningful value for our customers faster and engage with new ecosystems and user-bases in a natural way.

Take the following steps to use an open source component at Microsoft:

• Register All Open Source: Following the open source compliance policy, all open source components must be registered. You can do this two ways:
  • One Engineering System automatically registers most types of open source. Open source detectors are run and will handle the registration of open source components. Legal and security alerts will be raised with follow-up actions if there is additional work required, such as meeting legal obligations, posting to the third-party disclosures site, addressing a security issue, or if a commercial or unknown license is present.
  • For repos using certain types of open source, a Manual Registration approach or file can be used in lieu of detectors. Boutique engineering systems will need to refer to the non-standard build environments content.
• Distribution Requirements: If you plan on distributing the open source component in a Microsoft Product or Service, you must take additional steps, as guided by legal alerts, that might include NOTICE file generation and making source code available.