DejaCode
"Used code, better than new"
The nexB team has provided open source and quality code analysis to support acquisition due diligence and pre-release audits for several years. We have developed tools, techniques and processes over time with customers such as Motorola, Mercury, HP, Wind River, Samsung, for more than 50 audit projects.
We primarily use our own product, DejaCode™ for the audit but we can use commercial tools as well by customer request.
Our approach includes several layers of tools:
- Automated scan for license and copyright text
- Automated scanning and matching of code to our open source code repository to support origin detection
- Automated analysis of software interaction patterns
- Automated binary to source mapping
The primary goal of DejaCode™ is to determine the origin of code automatically.
Given a code directory, DejaCode™ will automatically produce a report that lists every file or directory of a known origin.
For each of those files and directories, additional information provided includes:
- The license
- The origin name, home page, and download location
- Whether a piece of software has been re-used as is or has been modified
Benefits
- Lower cost for audit software and services
- Faster audits from smarter automation
- Closed loop validation that you have audited what you deploy (ship)
- Simpler and cheaper to audit new releases