Skip to main content

Open Source Terms

Effective date: April 15, 2026
Last updated: April 15, 2026

Note: This document is under legal review. Contact legal@sigmashake.com for questions.

These Open Source Terms ("OSS Terms") govern the submission and publication of Rulesets to the public SigmaShake Rules Hub (hub.sigmashake.com). They supplement and are incorporated into the Terms of Use. Capitalized terms not defined here have the meanings given in the Terms of Use.

1. Scope

These OSS Terms apply when you publish a Ruleset to the public Hub — that is, a Ruleset that is visible to and downloadable by all SigmaShake users. Private organizational Rulesets are governed by the Private Terms instead.

2. Ownership

You retain all intellectual property rights in and to the Rulesets you publish. Publishing a Ruleset to the Hub does not transfer ownership to SigmaShake.

3. License You Grant to SigmaShake

By publishing a Ruleset to the public Hub, you grant SigmaShake a worldwide, royalty-free, non-exclusive, perpetual license to:

  • Host, cache, replicate, and mirror the Ruleset on Hub infrastructure;
  • Display, serve, and distribute the Ruleset to users who install or reference it;
  • Include the Ruleset in search indexes, documentation, and promotional examples of the Hub;
  • Perform necessary format or schema migrations to maintain Hub compatibility.

This license is limited to operating and improving the Hub and the Services. SigmaShake will not relicense your Ruleset under different terms or use it outside the Services without your permission.

4. License You Grant to Other Users

You must specify a valid SPDX license identifier in your Ruleset metadata (e.g., license: MIT). That license governs other users' rights to use, modify, and redistribute your Ruleset. SigmaShake recommends:

  • Apache-2.0 or MIT — permissive use with attribution
  • CC0-1.0 — public domain dedication
  • AGPL-3.0-only — copyleft, requires derivative works to be open source

If you do not specify a license, the Ruleset is All Rights Reserved by default, and other users may not use, modify, or redistribute it without your explicit permission.

5. Your Representations

By publishing a Ruleset to the public Hub, you represent and warrant that:

  1. You own or have the necessary rights, licenses, and permissions to publish the Ruleset and to grant the licenses in Sections 3 and 4.
  2. The Ruleset does not infringe any third-party intellectual property rights, including patents, copyrights, trademarks, and trade secrets.
  3. The Ruleset does not contain malware, backdoors, deliberately obfuscated logic, or code designed to harm systems or users.
  4. The Ruleset metadata (name, description, tags) is accurate and not misleading.
  5. The Ruleset complies with the Hub Content Policy in Section 4 of the Acceptable Use Policy.

6. Moral Rights

You retain moral rights in your Ruleset to the extent those rights cannot be waived under applicable law. Publishing your Ruleset does not require you to waive attribution. SigmaShake will display the author information you provide in your Ruleset metadata.

7. Takedown

SigmaShake reserves the right to remove any Ruleset from the Hub that violates these OSS Terms, the Acceptable Use Policy, or applicable law. For the full takedown and dispute process, see our Unpublish Policy and Copyright Policy.

If your Ruleset is removed, we will notify you by email and provide a reason, unless doing so would compromise an ongoing legal or security investigation.

8. No Warranty from SigmaShake

SigmaShake does not endorse, certify, or warrant the quality, security, or fitness-for-purpose of any Ruleset published to the Hub by third parties. You use third-party Rulesets at your own risk. Always review Rulesets before deploying them in production environments.

9. Termination of Hosting

Your Ruleset will remain hosted on the Hub as long as your Account is active and the Ruleset complies with these OSS Terms. You may remove your Ruleset at any time from the Hub dashboard. Upon removal or Account termination, the Ruleset will be unpublished from the Hub. Note that users who have already installed or forked the Ruleset under its specified SPDX license retain the rights granted by that license.

10. Changes

SigmaShake may update these OSS Terms to reflect Hub feature changes or legal requirements. Material changes will be communicated at least 14 days in advance. Continued publication of Rulesets after the effective date of changes constitutes acceptance.

Contact

Questions about Hub publishing: privacy@sigmashake.com
Abuse or takedown requests: abuse@sigmashake.com