Abstract:
To address the security vulnerabilities, license compliance issues, and supply chain risks introduced by the deep integration of open-source software into railway information systems, this paper proposes the design and application of a railway open-source software governance platform. Adopting a "multi-level deployment, hierarchical usage" architecture, the platform establishes a full-lifecycle management system covering the introduction, usage, emergency response, and retirement of open-source software. Through key technologies such as dependency analysis, community activity evaluation, and binary file scanning, the platform implements precise risk identification and closed-loop handling. Practical application shows that the platform has achieved significant results in governing the compliant and secure use of open-source software within the China railway ticketing and reservation system, and provides a feasible technical solution and practical paradigm for supply chain security management in the railway software domain.