Send in your ideas. Deadline June 1, 2026

CodeSupply

Strengthen software supply chain security with packaging metadata


The first call of CodeSupply will open up on June 1st 2026, with a deadline of August 1st 2026 12:00 CEST (noon). Check out the guide for applicants and the frequently asked questions.

Submit a proposal


Open data about software packages is critical for the automation and scale necessary to resolve software supply chain management and address security and regulatory and open source compliance challenges. CodeSupply aggregates and curates comprehensive software metadata, including origin and licensing information, security vulnerabilities, and quality metrics from distributed, authoritative data sources across programming ecosystems and software types. This metadata is assembled in reference data sets, federated in a unified data catalog for digital sovereignty and independence, and distributed as open data, freely available to all, using an open source data license.

The CodeSupply project pursues three interconnected objectives that directly address data challenges in cybersecurity, software supply chain management, and regulatory and open source license compliance:

  1. Publish current, correct, and comprehensive software metadata
  2. Establish a scalable and sustainable mechanism to provide democratic access to data sets
  3. Create a foundational framework for future iterations, enhancements, and new data sets

... software supply chain attacks are on the rise, and developers and organizations need the right (meta)data to address those challenges

Part of the budget of CodeSupply (400 000 € to be precise) is reserved for open calls to fund auxiliary free and open source efforts that are aligned with the topics and approach of the programme. These small to medium-size R&D grants are aimed at achieving practical contributions to the goals of CodeSupply. We invite your contributions to help reshape the state of play of software supply chain security, and thus contribute to creating an open, trustworthy and reliable open internet stack.

We are seeking project proposals between 5.000 and 50.000 €. We are open to new ideas and disruptive technologies on every layer, but also want to nurture and scale existing technologies that are still future-proof — we are interested in practical, real-world impact. We support independent researchers, developers and organisations whose work contributes free and open source technology for a reliable software supply chain, to expand the impact of the core objectives of CodeSupply and contribute to the basis for a more open, trustworthy, and safer open internet stack.

Of course you can contribute exciting new capabilities to the software being developed elsewhere within CodeSupply, build auxiliary tools or work on user experience, but you could also be developing integrations into FOSS applications and open standards, or work on improvements of key infrastructure components for the underlying stack. Together with other initiatives within Open Internet Stack, we move forward to democratise technology and make it more resilient and secure. For that, we need your contributions.

Project results shall always become available under a recognised free or open source license. Proposals need to fit within the goals of CodeSupply and the Open Internet Stack, and should make a concrete contribution to bring that goal closer. We stimulate the creation and use of norms and standards, as these enable interoperability and redundancy in implementation, and reduce the risk of future compromise and failure. Don't be afraid to send something out of the box if you think you can contribute to the topic — it really is an open call.


Open Internet Stack

CodeSupply is part of Open Internet Stack, a nascent initiative by the European Commission to work towards a resilient operational stack of strategic technology commons worthy of trust. This initiative is trying to establish a stable and defendable foundation capable of fostering healthy and strong democracies and economies, and delivering the European vision of next generation digital infrastructures. It wants to deliver an ecosystem of deployable, scalable, and secure technologies that allow for permissionless innovation, contribute to quality of life and deliver strategic autonomy.

Open Internet Stack builds on the Next Generation Internet initiative, a multi-annual series of research and innovation programmes and associated support programmes to re-imagine and re-engineer the internet for the third millennium and beyond to shape a value-centric, human and inclusive society for all.

Through the NGI Zero grantmaking programmes and scale-ups like NGI Fediversity and NGI TALER, the Next Generation Internet initiative established a large set of trustworthy building blocks ready to be turned into reliable infrastructure, products and services.

The goal of Open Internet Stack is to provide practical tools that public administrations, SMEs, and individual users can adopt and adapt to their specific needs, delivering digital autonomy and strengthening competitiveness. Current programmes include Restack and ELFA; several more programmes are expected to start at the end of 2026.

Acknowledgements


CodeSupply is made possible with financial support from the European Commission's DG Communications Networks, Content and Technology through Horizon Europe grant agreement No. 101298846.