Are you using a spreadsheet to manage the open source components in your software?
There is an easier and better way. Here's why:
Open source libraries use other open source libraries, and so on…
So if you have a list of 100 open source components that your team added deliberately, there could easily be 500 components actually shipping in your product.
Listing them all by hand is not practical.
Using a spreadsheet means that your team has to report to you every time they add a new open source component.
They may forget. They may not be sure what exactly they added.
And, as noted above, they cannot realistically discover and report all the sub-components (a single library they chose can pull in dozens of its own dependencies).
That means that you may end up with components that your license policy does not allow you to use in your software.
So down the line, you may have to ask a developer to remove a component after they have already integrated it into your software. The result may be a costly loss of effort and frustration. If you are just about to release a new version and cannot find a good enough replacement, this can turn into a small crisis. The crisis may be even bigger if a problematic component is discovered during an important due diligence process…
Since the open source components you use are now part of your product, you must track their bugs and security vulnerabilities as if they were in your own code.
You have to figure out which security vulnerability announcements affect the specific versions of the open source components that you use, including the transitive ones, and, when necessary, quickly patch your software with the right fix.
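To make the two points above concrete, here is an added example (not code from the original post, and not any vendor's tool) that walks a dependency lockfile to enumerate everything a handful of direct dependencies pull in, then matches each resolved package version against a list of advisories. The lockfile, the package names and the advisory IDs are all constructed for the illustration; real lockfiles and real advisory feeds carry the same two pieces of information, namely what each pinned package requires and which version range an advisory affects.

```python
"""Walk a dependency lockfile to enumerate transitive components and match
them against vulnerability advisories.  Constructed example, not a real tool."""
import json
from collections import deque
from typing import Dict, List, Tuple

# Constructed lockfile in a simplified shape: "packages" maps each pinned
# package (name@version) to the pinned packages it requires.  Real lockfiles
# (package-lock.json, Cargo.lock, ...) record the same relationships.
LOCKFILE_JSON = """
{
  "root": ["web-framework@2.1.0", "logging-lib@5.2.3"],
  "packages": {
    "web-framework@2.1.0": ["http-parser@1.4.2", "template-engine@0.9.1"],
    "http-parser@1.4.2": ["byte-utils@3.0.0"],
    "template-engine@0.9.1": ["byte-utils@3.0.0", "escape-lib@1.2.0"],
    "logging-lib@5.2.3": ["byte-utils@3.0.0"],
    "byte-utils@3.0.0": [],
    "escape-lib@1.2.0": []
  }
}
"""

# Constructed advisories with hypothetical IDs and package names.
# "introduced" is the first affected version, "fixed" the first safe one.
ADVISORIES = [
    {"id": "ADV-0001", "package": "byte-utils", "introduced": "2.0.0", "fixed": "3.0.1"},
    {"id": "ADV-0002", "package": "escape-lib", "introduced": "1.0.0", "fixed": "1.2.0"},
    {"id": "ADV-0003", "package": "xml-lib", "introduced": "0.0.0", "fixed": "4.0.0"},
]


def load_lockfile(text: str = LOCKFILE_JSON) -> dict:
    """Parse the lockfile JSON into a plain dict."""
    return json.loads(text)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def split_spec(spec: str) -> Tuple[str, str]:
    """'name@1.2.3' -> ('name', '1.2.3')."""
    name, _, version = spec.rpartition("@")
    return name, version


def resolve_tree(lockfile: dict) -> Dict[str, List[str]]:
    """Breadth-first walk from the direct dependencies.

    Returns every reachable package (name@version) together with the path by
    which it was first reached, so a finding can be traced back to the direct
    dependency the developer actually chose.
    """
    packages = lockfile["packages"]
    reached: Dict[str, List[str]] = {}
    queue = deque((spec, [spec]) for spec in lockfile["root"])
    while queue:
        spec, path = queue.popleft()
        if spec in reached:  # already recorded via an equal or shorter path
            continue
        reached[spec] = path
        for child in packages.get(spec, []):
            queue.append((child, path + [child]))
    return reached


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """Affected when introduced <= version < fixed (the fixed version itself is safe)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def find_affected(lockfile: dict, advisories: List[dict]) -> List[Tuple[str, str, List[str]]]:
    """Match each advisory against the resolved tree.

    Returns (advisory id, affected name@version, dependency path) triples.
    """
    findings = []
    for spec, path in resolve_tree(lockfile).items():
        name, version = split_spec(spec)
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append((adv["id"], spec, path))
    return findings


if __name__ == "__main__":
    lock = load_lockfile()
    tree = resolve_tree(lock)
    print(f"{len(lock['root'])} direct dependencies pull in {len(tree)} components in total")
    for adv_id, spec, path in find_affected(lock, ADVISORIES):
        print(f"{adv_id}: {spec} reached via {' -> '.join(path)}")
```

Two details matter in practice. Versions are compared as tuples of integers rather than as strings, otherwise "1.10.0" sorts below "1.9.9" and a fixed release looks vulnerable. And the walk records the path to each component, so when the second advisory turns out not to apply (the tree already carries the fixed version) or the first one does, you can see which direct dependency brought the affected package in and who has to act on it.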
For all the reasons above, a spreadsheet cannot keep up with this.