Open Source Auditing

Inventory how open source is used within your organization

Open source opens up new possibilities, and new opportunities for risk. Developers know they can get to value faster by using community-contributed code, but organizations need to know what is in their codebases so that legal, compliance, and security risks are transparent and addressed.

Recently, open source licenses have proliferated, resulting in hundreds of different license options, including many similar licenses with minor modifications and non-standard licenses. Additionally, open source packages often include bundled components that have different licenses with conflicting obligations. For organizations that embed software in products, it’s difficult to prove compliance with the varying terms and conditions of these licenses. These challenges are multiplied when an organization doesn't know where open source is being used or which open source packages and licenses are included in its products.

Open source auditing gives organizations visibility into the license obligations attached to the products they distribute or share. Analyzing internally developed software for open source packages produces a bill of materials (BOM) and a bill of licenses for the open source components, a comprehensive report on which to base informed decisions about distribution.

Open source auditing includes:

  • Application scan, which can be performed on a one-time or recurring basis
  • Bill of materials, which lists the embedded open source packages and associated licenses
  • Bill of licenses, which summarizes the licenses and license references included with each open source package
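
The following is an added example, not part of the original page or any vendor's tooling, showing what the two deliverables above look like when built from scan output: it flattens packages and their bundled components into a BOM, summarizes a bill of licenses (folding near-duplicate license spellings onto SPDX identifiers), and flags the components whose terms need review before distribution. The package names, license data and the copyleft policy are constructed assumptions.

```python
from collections import defaultdict
# Constructed scan output (not real packages): each top-level open source
# package may bundle components that carry their own licenses.
SCAN_RESULTS = [
    {"package": "webfw", "version": "2.1.0", "license": "MIT",
     "bundled": [{"component": "fastjson-lite", "license": "Apache 2.0"}]},
    {"package": "cryptoutil", "version": "0.9.4", "license": "Apache-2.0", "bundled": []},
    {"package": "imgcodec", "version": "3.3.1", "license": "LGPL-2.1-only",
     "bundled": [{"component": "libdecode", "license": "GPL-3.0-only"}]},
    {"package": "vendor-sdk", "version": "1.0", "license": "Custom EULA", "bundled": []},
]
# Near-duplicate spellings mapped to SPDX ids so they count as one license.
SPDX_ALIASES = {"mit": "MIT", "apache 2.0": "Apache-2.0", "apache-2.0": "Apache-2.0",
                "lgpl-2.1-only": "LGPL-2.1-only", "gpl-3.0-only": "GPL-3.0-only"}
# Policy assumption for this example: strong copyleft needs review before shipping.
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only"}

def normalize_license(name):
    # Unknown or modified license text is tagged so it is never silently accepted.
    return SPDX_ALIASES.get(name.strip().lower(), "NON-STANDARD:" + name.strip())

def bill_of_materials(scan):
    """Flatten packages and bundled components into (name, version, license)."""
    bom = []
    for pkg in scan:
        bom.append((pkg["package"], pkg["version"], normalize_license(pkg["license"])))
        for sub in pkg["bundled"]:
            name = pkg["package"] + "/" + sub["component"]
            bom.append((name, pkg["version"], normalize_license(sub["license"])))
    return bom

def bill_of_licenses(bom):
    # Per license: the components that reference it.
    summary = defaultdict(list)
    for name, _, lic in bom:
        summary[lic].append(name)
    return dict(summary)

def distribution_findings(scan):
    """Flag components whose license terms need review before distribution."""
    findings = []
    for name, _, lic in bill_of_materials(scan):
        if lic in STRONG_COPYLEFT:
            findings.append((name, "strong copyleft obligations apply on distribution"))
        elif lic.startswith("NON-STANDARD:"):
            findings.append((name, "non-standard license text requires legal review"))
    for pkg in scan:  # bundled components licensed differently from their parent
        for sub in pkg["bundled"]:
            if normalize_license(sub["license"]) != normalize_license(pkg["license"]):
                findings.append((pkg["package"] + "/" + sub["component"], "bundled license differs from parent " + pkg["package"]))
    return findings
```

Running `distribution_findings(SCAN_RESULTS)` on the constructed data reports the GPL-licensed bundled decoder, the custom EULA, and both bundled components whose license differs from the package that ships them.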

Learn more about our capabilities.