Source Auditor provides
specialized expertise, a well developed analysis methodology, and a
proprietary open source search engine, which work together to provide
you with a fast, comprehensive, and accurate open source audit.
Some open source audit tools only scan
for copyrights and licenses, but often, open source is downloaded
without the copyrights, and these tools would miss identifying such
downloads of open source. The Source Auditor search engine, on the
other hand, compares your source code, line by line, against the actual code fingerprints of over 500,000 open source packages. This database is continuously updated as new versions and new packages become available on the internet.
Unlike other such tools which include
large databases of open source packages, the Search Auditor open source
engine is also fully aware of the genealogy of open source packages,
and can pinpoint the exact origin of specific open source which
may be available in dozens of open source packages. Since the exact
origin can drive the choice of associated license obligations, this is
a key factor in creating a comprehensive and accurate audit.
The Source Auditor search engine can
also identify open source when only the binaries have been downloaded
and no open source source code is present, further increasing the
comprehensiveness of the audit.
Our technical analysis also scans the binaries that are
distributed and deployed to customers, thereby automatically
identifying the open source that is deployed. Since the open source
obligations only apply when the open source software is distributed,
this information is vital to accurately identifying your true open
source license obligations.
Finally, the Source Auditor software identifies any of your
proprietary software which is linked through include files or static or
dynamic linking to open source which is licensed under a viral or
copyleft license. This accurately pinpoints the viral contamination
risk to your proprietary software.
Source Auditor can provide an audit
either remotely or on your site premises, depending on your preferences
and the typical audit duration is 2 weeks. Source Auditor will charge a flat fee of $12,000 for an open source audit regardless of the size of your code base.
Source Auditor will also charge travel costs if travel to your site
outside the San Francisco Bay Area is required and approved.
After the analysis, Source Auditor
will provide an inventory of open source identified, an inventory of
license obligations, and a recommendation of changes or open source
packages to replace. For packages that need to be replaced, we will
also provide a list of alternative open source packages with more
commercially friendly licenses if those are available. If desired,
Source Auditor can also recommend open source policies and processes to
be put into place for future management of open source downloads.
All of our audits are guaranteed, as we do not bill until after you are completely satisfied with the audit results.