Why Source Code Scanning Tools are Essential to Open Source Compliance
Pulling open source code into your own software is easy. Just grab it and add it, right? Well, no. If you don't pay attention to the license each inclusion is offered under, the users of your software may end up with a disaster on their hands. Happily, there are free tools available to help you avoid just that.
When you incorporate open source code into larger programs, it is risky to assume that the official license for the project is the only license you need to comply with. This is true even if the only open source code your company consumes comes from projects with permissive rather than copyleft licenses. (For an explanation of the difference between copyleft and permissive licenses, and why strong copyleft-licensed code generally cannot be incorporated into proprietary applications, please see this earlier post about open source license types.) A single open source component can contain files, vendored libraries or copied snippets that carry licenses other than the one declared for the project, and you may be unable to identify them without performing a source code audit and scan of every file. This is why regular use of source code scanning tools (also known as software composition analysis, or SCA, tools) is essential to any open source compliance program.
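The file-by-file scan the paragraph above calls for can be illustrated with a small Python script. It is an added example, not code from the article or from any SCA product: it walks a source tree, records the SPDX-License-Identifier tag where one exists, falls back to a handful of well-known license header phrases otherwise, and flags every file whose license differs from the license the project declares. The sample tree, the declared license "MIT", the phrase table and the list of copyleft prefixes are all constructed for the demonstration; a real scanner such as ScanCode Toolkit or FOSSology matches far more license texts than this.

```python
import re
from pathlib import Path

# SPDX tag, e.g. "SPDX-License-Identifier: MIT OR Apache-2.0" (expressions with OR/AND/WITH kept whole).
SPDX_RE = re.compile(
    r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+(?:\s+(?:OR|AND|WITH)\s+[A-Za-z0-9.+-]+)*)"
)

# Assumption: a small subset of header phrases from common license texts, used when no SPDX tag exists.
PHRASES = [
    ("LGPL-2.1-or-later", re.compile(r"GNU Lesser General Public License.*?either version 2\.1", re.S | re.I)),
    ("GPL-3.0-or-later", re.compile(r"GNU General Public License.*?either version 3", re.S | re.I)),
    ("GPL-2.0-or-later", re.compile(r"GNU General Public License.*?either version 2", re.S | re.I)),
    ("Apache-2.0", re.compile(r"Licensed under the Apache License, Version 2\.0", re.I)),
    ("MIT", re.compile(r"Permission is hereby granted, free of charge", re.I)),
    ("BSD-3-Clause", re.compile(r"Neither the name of .*? nor the names of its contributors", re.S | re.I)),
]

# Assumption: license families treated as copyleft for triage purposes.
COPYLEFT_PREFIXES = ("GPL-", "AGPL-", "LGPL-", "MPL-", "EPL-", "CDDL-")

# Constructed sample tree (path -> file text); the vendored files deliberately carry other licenses.
SAMPLE_TREE = {
    "src/main.py": "# SPDX-License-Identifier: MIT\nprint('hello')\n",
    "src/vendor/fastjson.py": (
        "# Copyright (c) 2015 Someone\n"
        "# This program is free software; you can redistribute it and/or\n"
        "# modify it under the terms of the GNU General Public License as\n"
        "# published by the Free Software Foundation; either version 2 of\n"
        "# the License, or (at your option) any later version.\n"
    ),
    "src/vendor/hash.c": '/* Licensed under the Apache License, Version 2.0 (the "License"); */\n',
    "src/util.py": "def f():\n    pass\n",
}


def detect_license(text):
    """Return the SPDX expression for one file: the explicit tag if present, else a phrase match, else None."""
    m = SPDX_RE.search(text)
    if m:
        return m.group(1).strip()
    for spdx, pattern in PHRASES:
        if pattern.search(text):
            return spdx
    return None


def is_copyleft(expr):
    """Conservative check: True if any component of the expression belongs to a copyleft family.
    'MIT OR GPL-2.0-only' is flagged too, so a human decides which branch of the OR applies."""
    parts = re.split(r"\s+(?:OR|AND|WITH)\s+", expr)
    return any(p.startswith(COPYLEFT_PREFIXES) for p in parts)


def scan_tree(files, declared):
    """Compare each file's detected license with the project's declared license.
    Returns a list of {path, license, status} with status in ok / mismatch / copyleft-mismatch / unknown."""
    findings = []
    for path, text in sorted(files.items()):
        lic = detect_license(text)
        if lic is None:
            status = "unknown"          # no evidence at all: needs a manual look
        elif lic == declared:
            status = "ok"
        elif is_copyleft(lic):
            status = "copyleft-mismatch"  # highest priority for review
        else:
            status = "mismatch"           # permissive but still has its own notice/attribution duties
        findings.append({"path": path, "license": lic, "status": status})
    return findings


def summarize(findings):
    """Count findings per status, for a quick report line."""
    counts = {}
    for f in findings:
        counts[f["status"]] = counts.get(f["status"], 0) + 1
    return counts


def load_tree(root, suffixes=(".c", ".h", ".py", ".js", ".go", ".rs", ".java")):
    """Read a real directory into the same path -> text mapping that scan_tree expects."""
    root = Path(root)
    return {
        str(p.relative_to(root)): p.read_text(errors="replace")
        for p in root.rglob("*") if p.is_file() and p.suffix in suffixes
    }


if __name__ == "__main__":
    import sys
    tree = load_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TREE
    results = scan_tree(tree, declared="MIT")
    for r in results:
        print(f"{r['status']:<18} {r['license'] or '-':<20} {r['path']}")
    print(summarize(results))
```

Run it with no arguments to scan the constructed sample, or pass a directory to scan real code. On the sample, the project's declared MIT license covers only src/main.py: the vendored JSON parser turns out to be GPL-2.0-or-later, the hash routine is Apache-2.0 (permissive, but with its own notice requirements), and src/util.py carries no license evidence at all. Each of those is a compliance question the top-level LICENSE file would never have revealed.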