
Monday, June 22, 2009

Governance - Where is my code coming from?

With PCI compliance, I have to ask all teams to look at all the libraries, frameworks, etc. we are currently using in our code. The objective is to validate that we do not violate copyright. Of course this should not be done only once; we need to validate on each build. So I was looking for tools, and you know what, I found some:
  • HP Fossology (open source): used to track and monitor the use of open source software within an organization. The main functionality available at the moment is license detection; more features will be added in the near future. HP FossBazaar is a community platform to discuss best practices related to the governance of FOSS.

  • Black Duck (leader in this market): three products are available within a unified framework: Black Duck Code Center, Export and Protex.
    • Code Center supports the front-end of the development process where developers search for and select open source components, as well as the ongoing monitoring of the components in use.
    • Protex and Export are used on the back end of the process when code needs to be validated before it is deployed.
    • The foundation of the Black Duck Suite is the Black Duck KnowledgeBase.

  • Protecode: Protecode offers a full range of products and services to help organizations properly manage their software IP. They claim to have solutions that detect, identify, record and report on all of the IP attributes of any software repository:

    • Enterprise IP Analyzer™ - analyzes and identifies all code in a directory, producing customizable reports identifying all IP attributes and potential violations.
    • Developer IP Assistant™ - an Eclipse or Microsoft Visual Studio plug-in, operating unobtrusively on a developer's workstation, detecting in real time all code that is brought into the development environment.
    • Build IP Analyzer™ - analyzes all code that is consumed as part of a build creating a detailed report on all components that were used in the final product, ensuring there are no violations against enterprise policies.
    • Protecode IP Audit Service™ - a software due diligence service that provides expert analysis and reporting of an enterprise code portfolio. It establishes the Intellectual Property (IP) attributes of existing code and is effective and accurate in preparation for mergers & acquisitions or commercial transactions.

  • OpenLogic: OpenLogic provides software and services that enable enterprises to safely acquire, support, and control open source software in order to reduce potential risks and maximize the value of open source. OpenLogic Exchange (OLEX) is a free web site that provides on-demand access to over 130,000 open source packages, including the OpenLogic Certified Library of hundreds of packages that have been certified for use in the enterprise. OLEX enables companies to find, research, and download hundreds of certified open source packages on demand.

  • Sun License Tool (open source): a utility that helps analyze the copyright headers in your sources.
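To show what the per-build check asked for above looks like in practice (scan the copyright headers of every source file, compare against an allow list, fail the build on anything disallowed or unattributed), here is a small added example. It is not code from this post or from any of the tools listed; the header signatures, the allow list and the sample source tree are all constructed assumptions for illustration, and a real deployment would use one of the tools above or a maintained signature database rather than a handful of regular expressions.

```python
"""Minimal per-build license gate: detect each source file's license from
its header and fail the build if it is not on the allow list."""
import re
import sys
import tempfile
from pathlib import Path

# Constructed header signatures (an assumption for this example, not the
# signature database of any tool named in the post). Order matters: an
# explicit SPDX tag wins, and LGPL is tested before GPL because LGPL
# headers often also mention the GPL.
LICENSE_SIGNATURES = [
    (re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)"), None),
    (re.compile(r"GNU Lesser General Public License", re.I), "LGPL"),
    (re.compile(r"GNU General Public License", re.I), "GPL"),
    (re.compile(r"Apache License,? Version 2\.0", re.I), "Apache-2.0"),
    (re.compile(r"Permission is hereby granted, free of charge", re.I), "MIT"),
    (re.compile(r"Redistributions of source code must retain", re.I), "BSD"),
]

# Hypothetical policy: licenses this build is allowed to ship.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD"}
SOURCE_SUFFIXES = (".c", ".h", ".java", ".py", ".js")


def detect_license(text, header_lines=40):
    """Return a license label for the file's header, or 'UNKNOWN'."""
    head = "\n".join(text.splitlines()[:header_lines])
    for pattern, label in LICENSE_SIGNATURES:
        match = pattern.search(head)
        if match:
            return label if label is not None else match.group(1)
    return "UNKNOWN"


def scan_tree(root):
    """Map each source file under root (posix relative path) to its license."""
    root = Path(root)
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            results[path.relative_to(root).as_posix()] = detect_license(text)
    return results


def check_policy(results, allowed, fail_on_unknown=True):
    """Return sorted (path, license) pairs that violate the allow list.

    Files with no detectable license are reported too when fail_on_unknown
    is set: code nobody can attribute is exactly what an audit must see."""
    violations = []
    for path, lic in sorted(results.items()):
        if lic == "UNKNOWN":
            if fail_on_unknown:
                violations.append((path, lic))
        elif lic not in allowed:
            violations.append((path, lic))
    return violations


# Constructed sample tree: two permissive files, one GPL file pulled in
# under a vendor directory, and one file with no header at all.
SAMPLE_FILES = {
    "src/util.c": "/* Copyright (c) 2009 Example Corp.\n"
                  " * Permission is hereby granted, free of charge, to any person\n"
                  " * obtaining a copy of this software ... */\nint add(int a, int b);\n",
    "src/parse.c": "/* SPDX-License-Identifier: Apache-2.0 */\nint parse(void);\n",
    "lib/vendor/crypto.c": "/* This program is free software; you can redistribute it\n"
                           " * under the terms of the GNU General Public License. */\n"
                           "int hash(void);\n",
    "src/main.py": "import sys\nprint('no header here')\n",
}


def demo():
    """Write the sample tree to a temp dir, scan it, and apply the policy."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_FILES.items():
            target = Path(tmp) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        results = scan_tree(tmp)
    return results, check_policy(results, ALLOWED_LICENSES)


if __name__ == "__main__":
    found, bad = demo()
    for path, lic in sorted(found.items()):
        print(f"{lic:12} {path}")
    if bad:
        print("License policy violations:", bad)
        sys.exit(1)  # non-zero exit fails the build step
```

Run it as a build step and the non-zero exit on violations is what turns the review into a gate rather than a one-time audit; `fail_on_unknown` is deliberately on by default, since a file whose origin cannot be established is the case a copyright review most needs to surface.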