Most modern software products and systems are composed of 60% to 80% open source components. Most software development teams have some basic knowledge of the major open source software (OSS) components that they use, but they face major challenges in tracking all OSS components, including dependencies, and their corresponding compliance obligations. The high volume and rate of change of OSS components mean that you can no longer manage this with just spreadsheets.
nexB offers a range of software and services to help you automate OSS compliance. The best solution for you will depend on where you are starting from.
An organization that is still very new to OSS compliance may need to start with a Software Composition Analysis (SCA) project in order to establish baseline data for a Software Inventory. An organization that already has a current OSS Inventory may just need a better way to manage their data. And everyone needs an automated way to update their OSS component and license data for every release.
nexB offers a range of OSS compliance solutions with different combinations of software and services to fit your use case. DejaCode is our enterprise OSS compliance application, where you can define your policies, record your software Inventories and BOMs, and automatically generate compliance documentation like an Attribution Notice. You can easily load your existing data into DejaCode or run scans from DejaCode to get started.
We complement DejaCode with a full range of professional services if you need or want help getting started with OSS compliance. We can perform a full-service analysis of your code, assist you in performing that analysis primarily on your own, or audit your existing data.
And if you have the SCA domain expertise and really want to do it all on your own, you can use nexB’s ScanCode tools, which are free and open source (Apache 2.0 license), at https://github.com/nexB.