OpenLogic's Application Audit service helps enterprises understand the license obligations that come with the open source software used in products they distribute.
The Application Audit service analyzes internally-developed software for open source packages and identifies the bill of materials (BOM) and bill of licenses for open source components. Once an application has been scanned, OpenLogic aggregates the scan information and creates comprehensive reports that give companies the information they need to make informed decisions about distribution.
Without a comprehensive understanding of the open source packages and licenses embedded in their applications, companies that distribute software or products containing software may be at risk of violating the legal obligations of one or more licenses. OpenLogic's Application Audit service gives companies a fast, easy way to audit software applications for embedded open source packages and licenses. The Application Audit service includes:
OpenLogic's Application Audit service is available on a one-time or recurring (subscription) basis. Once your Application Audit request has been received, a representative from the OpenLogic services team interviews the appropriate members of your engineering team to gain an understanding of key issues relating to the application to be analyzed. This interview covers topics such as how open source packages are used in development, whether or not source code has been modified, the method of linking used in development, and whether and how the application is to be distributed. Next, OpenLogic's services team uses several scanning options and tools to scan the binaries and source code of your application. Once the scan has been completed, your Application Audit reports are created and delivered.
Although there are many different scanning tools available (both open source and commercial), no single tool provides the most accurate audit in every situation. Each tool overlooks certain instances of open source usage and also identifies false positives. OpenLogic's services team employs multiple tools, based on the specifics of your application, to provide the best results.
License proliferation in recent years has resulted in hundreds of different open source licenses, including many similar licenses with minor modifications as well as non-standard "vanity" licenses. In addition, open source packages often include bundled components that have different licenses with conflicting obligations. For companies that embed software in distributed products, it can be difficult to comply with the varying terms and conditions of these licenses. These challenges are multiplied when an organization doesn't know for sure which open source packages and licenses are included in its products. The Application Audit service helps companies navigate this complex landscape and, combined with OpenLogic's License Obligation Analysis service, ensure compliance with open source licenses.
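The two points above, that no single scanner catches everything and that bundled components can carry conflicting licenses, are easiest to see with a small merge of scanner output. The following is an added example and is not OpenLogic's tooling: the two scan result lists, the license alias table and the conflict policy are all constructed for illustration (the `SCAN_A`/`SCAN_B` data, `LICENSE_ALIASES` and `CONFLICTING_PAIRS` names are assumptions), and it shows how findings from several tools are unioned into one bill of materials, inverted into a bill of licenses, checked for conflicting license pairs on one component, and flagged for manual review when only one tool reported them.

```python
"""Merge the findings of several license scanners into one open source BOM.

Added example, not OpenLogic's tooling. The scanner output below is
constructed to resemble what license scanners typically emit: package name,
version, and the license string exactly as each tool reported it.
"""
from collections import defaultdict

# Constructed: two tools scanning the same application. Each misses a
# component the other finds, and each spells licenses differently.
SCAN_A = [
    {"name": "libfoo", "version": "1.2.0", "license": "GPLv2"},
    {"name": "jsonlite", "version": "3.1.4", "license": "MIT License"},
    {"name": "netkit", "version": "0.9", "license": "Apache 2.0"},
]
SCAN_B = [
    {"name": "libfoo", "version": "1.2.0", "license": "GPL-2.0-only"},
    {"name": "netkit", "version": "0.9", "license": "Apache-2.0"},
    # Constructed: a GPL sub-component bundled inside the Apache-licensed package
    {"name": "netkit", "version": "0.9", "license": "GPL-2.0-only"},
    {"name": "cryptoutil", "version": "2.0", "license": "BSD-3-Clause"},
]

# Constructed alias table: maps common spellings onto SPDX identifiers.
LICENSE_ALIASES = {
    "gplv2": "GPL-2.0-only",
    "gpl-2.0": "GPL-2.0-only",
    "gpl-2.0-only": "GPL-2.0-only",
    "mit": "MIT",
    "mit license": "MIT",
    "apache 2.0": "Apache-2.0",
    "apache-2.0": "Apache-2.0",
    "bsd-3-clause": "BSD-3-Clause",
}

# Constructed policy: license pairs treated as conflicting when both apply to
# the same component. GPL-2.0-only with Apache-2.0 is a widely documented case.
CONFLICTING_PAIRS = {frozenset({"GPL-2.0-only", "Apache-2.0"})}


def normalize_license(raw):
    """Map a scanner's license spelling to an SPDX id; unknown spellings are
    kept verbatim with a prefix so they stand out for manual review."""
    key = raw.strip().lower()
    return LICENSE_ALIASES.get(key, "UNRECOGNIZED:" + raw.strip())


def merge_scans(scans):
    """Union the findings of several tools into one BOM.

    scans maps a tool name to its list of findings.
    Returns {(name, version): {"licenses": set, "tools": set}}.
    """
    bom = defaultdict(lambda: {"licenses": set(), "tools": set()})
    for tool, findings in scans.items():
        for finding in findings:
            entry = bom[(finding["name"], finding["version"])]
            entry["licenses"].add(normalize_license(finding["license"]))
            entry["tools"].add(tool)
    return dict(bom)


def bill_of_licenses(bom):
    """Invert the BOM: license id -> sorted names of components carrying it."""
    bol = defaultdict(set)
    for (name, _version), entry in bom.items():
        for lic in entry["licenses"]:
            bol[lic].add(name)
    return {lic: sorted(names) for lic, names in bol.items()}


def conflicting_components(bom):
    """Components whose own license set contains a conflicting pair."""
    hits = []
    for (name, version), entry in sorted(bom.items()):
        for pair in CONFLICTING_PAIRS:
            if pair <= entry["licenses"]:
                hits.append((name, version, tuple(sorted(pair))))
    return hits


def review_candidates(bom, tool_count):
    """Components reported by fewer than all tools. A lone report may be a
    false positive and a lone miss a false negative, so both need a human look."""
    return sorted(name for (name, _v), e in bom.items() if len(e["tools"]) < tool_count)


if __name__ == "__main__":
    bom = merge_scans({"tool_a": SCAN_A, "tool_b": SCAN_B})
    for lic, comps in sorted(bill_of_licenses(bom).items()):
        print(f"{lic:20} {', '.join(comps)}")
    print("conflicts:", conflicting_components(bom))
    print("review:", review_candidates(bom, 2))
```

In this constructed run, `netkit` is the component whose bundled sub-component brings a second, conflicting license, and `jsonlite` and `cryptoutil` each surface from only one tool, which is exactly the disagreement between scanners that a manual review step resolves before the reports are finalized.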
Ready to learn more about how OpenLogic can help you audit and analyze embedded open source components? Contact us today for a price quote on the Application Audit service.
*OpenLogic does not provide legal advice.