Author: Technical Oversight Committee
Many of you know that the Project Lifecycle is a critical tool for foundation hosted open source project consumers to quickly evaluate the maturity of a project, while providing maintainers a trail map of how to grow such maturity. The Linux Foundation has a great blog post on this matter.
As the community and projects in FINOS have grown in maturity, value and mission-critical nature over the years, it became clear that the FINOS Project Lifecycle needed a refresh.
Last year the FINOS Technical Oversight Committee (TOC) presented the FINOS Governing Board with a plan to review and update the lifecycle to make sure it better reflects how projects actually grow, how project health should be evaluated, and how FINOS can provide clearer guidance and support at each stage. After incorporating feedback from the Governing Board and FINOS Staff, and a healthy debate within the TOC, a final proposal was brought to vote.
The result is an updated FINOS Project Lifecycle that gives maintainers and contributors a clearer path from early experimentation to long-term maturity, while setting clear expectations for maintainers at every stage. It also makes it easier for adopters to contribute new projects and understand what a project's lifecycle stage means in practice.
Why this update matters
The Project Lifecycle is one of the most critical project governance tools in the FINOS ecosystem as such the update was designed to meet the following goals:
-
Align maturity levels with the expectations of FINOS strategic stakeholders.
-
Simplify the path to collaboration while maintaining robust technical oversight.
-
Empower the TOC to efficiently drive positive change and technical excellence across the ecosystem.
-
Maximize technical outcomes by improving alignment with FINOS resources.
-
Pave a growth path for projects to gain access to coveted FINOS resources.
-
Streamline interactions between members, contributors, and the TOC.
-
Increase cross-pollination by improving communication, visibility, and understanding between projects.
the new finos project lifecycle
The new FINOS Project Lifecycle is composed of the following stages:
-
Labs: The launchpad for exploratory ideas that need a neutral, open home to prove their value.
-
Incubating: The growth phase where projects establish formal governance, roadmap discipline, and repeatable open source practices.
-
Graduated: The gold standard, where projects demonstrate high maturity, broad industry adoption, and long-term sustainability.
-
Archived: When projects are no longer maintained, but potentially still very valuable and depended on, they are clearly marked as archived.The Common Domain Model was developed in capital markets to address a similar challenge: the absence of a common, machine-readable language for describing financial products and lifecycle events.
Optionally, members may propose projects in a time-bound Forming stage before they enter the formal open source lifecycle.
These labels now map clearly to what users can expect from a project in terms of maturity, transparency, and security posture.
what changed
1. Labs is Now a Formal Lifecycle Stage
FINOS Labs is now a formal lifecycle stage with explicit acceptance and maintenance requirements.
This matters because Labs plays an important role in helping ideas form in the open before they are ready to enter the Incubating or Graduated stages. Under the updated model there is a transparent path into the FINOS ecosystem while making expectations clear from the start.
2. Active Becomes Graduated
The previous Active stage has been renamed Graduated, bringing FINOS terminology closer to the language used by other open source foundations and making the meaning of the stage more intuitive.
Graduated signals more than ongoing activity. It signals that a project has reached a higher standard of maturity in terms of quality, community, documentation, and operational readiness. The updated graduation requirements make that much more explicit.
3. Security Requirements Now Track the OpenSSF Baseline
With the 2025 release of OpenSSF’s Open Source Project Security Baseline, the community had the final elements to harmonize its approach on widely adopted upstream open source security standards.
Under the updated lifecycle:
-
Labs projects are expected to align with Maturity Level 1
-
Incubating projects are expected to align with Maturity Level 2
-
Graduated projects are expected to align with Maturity Level 3
This is a meaningful step forward. It connects FINOS project governance to an external, recognized security framework and gives maintainers a clearer roadmap for raising project health over time. It also gives adopters more confidence that lifecycle stages are tied to concrete operational and security expectations, not just labels.
4. Improved Contribution and Lifecycle Stage Transition Process
The contribution workflow is now easier to manage through the same but improved GitHub issue process thanks to the use of issue forms in the finos/community repository. The process is also now streamlined and directly mapped to lifecycle stages, ensuring that expectations are clear from day one.
The acceptance and maintenance requirements for Labs, Incubating and Graduated stages make the contribution process and lifecycle stage transitions more transparent for project teams, more understandable for community observers, and easier to evaluate consistently over time.
5. Regular TOC Health Reviews
The updated lifecycle also introduces a structured TOC-led review cadence.
Projects in the Incubating and Graduated stages should expect a TOC health review every six months. Labs projects may also be reviewed on a regular cadence. These reviews are intended to be supportive, not punitive: they create a mechanism for surfacing gaps, tracking follow-up actions, provisioning FINOS resources, and helping projects stay aligned with FINOS expectations over time.
6. Repository Badge Updates
This change will affect the badges on your GitHub repositories. The Active badge will be swapped for a Graduated one, and the links for all badges will need to be updated. We will be submitting automated PRs to update repository badges, so FINOS Maintainers should expect a PR soon!
a community effort
This update was shaped through extensive discussion across the FINOS community, including the TOC, FINOS staff, and the Governing Board. It reflects not only governance refinement, but also the practical lessons that come from supporting a growing and increasingly diverse project portfolio.
Thank you to everyone who contributed feedback, raised questions, and helped shape the new lifecycle. This update is an important step toward a clearer, healthier, and more transparent FINOS project ecosystem.
If you have any questions, please reach out to toc@lists.finos.org.
Author: Technical Oversight Committee