Home Consulting Products Open Source About Jobs Book a call
Open Source

We maintain, contribute to,
and help govern the projects
that matter.

Clewline is not a consumer of open source. We are an active participant in the infrastructure, governance, and security tooling that the broader ecosystem depends on.

Our projects

temporal-security-scanner

Go · YAML · GitHub Actions

Security compliance scanning for Temporal workflow definitions. Apache 2.0 licensed. Contributions welcome.

More coming soon

Watch this space

Additional tooling in AI governance and supply chain security is in preparation. Follow us on GitHub for updates.

Community contributions
Linux Foundation CCC
Technical Community Architect
Governance coordination across member organisations including Microsoft, NVIDIA, ARM, and TikTok. Leading technical working groups on attestation, workload identity, and AI confidential computing use cases.
CHAOSS
Co-maintainer, Data Science WG
Co-maintaining the Data Science Working Group, developing metrics and tooling for open source community health analysis. Focus on making community health data actionable for project governance decisions.
OpenSSF
Contributor
Contributions to OpenSSF Scorecard and SLSA framework implementations. Working group participation on software supply chain security standards and tooling interoperability.
OpenUK
International Ambassador · Cybersecurity Advisory Board
Representing UK open source interests internationally. Advisory board member contributing to UK open source security policy recommendations and public guidance.
How to contribute

Work with us in the open.

Each project has a CONTRIBUTING.md that describes the process for raising issues, proposing features, and submitting pull requests.

We welcome contributions from practitioners, especially those with domain knowledge in security, compliance, and AI governance. Good first issues are labelled in each repository.

Governance values

Maintainership is a long-term commitment.

We take project governance seriously: clear contribution guidelines, timely issue responses, transparent roadmaps, and long-term maintainability over velocity. We don't abandon projects we've asked people to depend on.