WhiteSource identifies all open source components and licenses, points out potential risks, and shows you how to comply
Open source components come with a license which you have to comply with to avoid legal and business risks.
Do you know what open source components are in your product? Do you know what their licensing terms are (including dependencies*)?
A recent WhiteSource study, covering 3,000 commercial software projects, showed that in most cases there is a significant gap between what open source developers thought they used and what was actually in their product.
*Dependencies – most open source components use other open source components. Unfortunately, these components may come with a different license. For you, it means that you need to track and manage the license of the open source components that you use, and the open source components that they use, and the open source components that they use...
In our recent study we discovered that in 64% of the cases, dependencies had a license different from the open source component that uses them.
Here’s how WhiteSource helps you manage open source compliance:
Complete open source inventory for each of your projects
WhiteSource instantaneously constructs the full inventory list of open source components for each of your products, down to the last dependency, and will automatically identify new open source components as they are added to your software.
Ensure your developers only use open source with licenses that you approve
With WhiteSource you can define a compliance policy and enforce it. Compliance is checked during the development process, so no time is wasted on developing around components that should not be used.
When necessary, management and legal can weigh in using a simple business workflow.
Produce management and legal reports in seconds
When reports are required by customers, business partners or company executives, they can be produced instantly and without any waste of R&D time and resources.