| Please excuse the transition to our new website design.

Impossibly Fast. Unbelievably Accurate.

  • Real Time Matching

    Our proprietary technology enables us to find embedded open source snippets in your software during build time. Coupled with our policy management and build gating actions, we ensure that you're not releasing insecure, non-compliant code.

  • Exact Origin Asset License Accuracy

    Our matching algorithm is so accurate that we can track an embedded open source snippet back it's correct, original license from the exact file from which that snippet originated. This is critically important as open source projects change licenses over time.

Anatomy of an Embedded Open Source Snippet

1
A developer is tasked with writing a feature. Like other features, a dev wants to get it done as quickly as possible.
2
The developer searches for $FEATURE and finds numerous results from Github, Gitlab, and Stack Overflow. Score!
3
The developer finds a sweet open source repository full of goodies to help quickly finish the features. Devs will oftentimes use code from more than one project.
4
The developer copies and pastes the sweet goodies or downloads the entire open source files into their project. Sometimes removing the original license and changing the file, class, and method names.
5
The dev completes the feature on time & under budget with help from substantial amounts of embedded open source. Time to party!
6
The feature with embedded open source is merged into your codebase along with all of the license risk associated with open source projects.
7
You now have compliance violations & possibly security vulnerabilities derived from the original open source snippet

Build Tools Integration

Automating the detection of open source vulnerabilities, licenses, and supply chain risk and quality is a snap. We seamlessly integrate into tons of build tools and can quickly deliver risk remediation suggestions

  • Jenkins
  • Gitlab
  • Azure Pipelines
  • Bamboo
  • Circle CI
  • Cloudbees
  • Team City
  • TravisCI
  • AWS Code Build
  • CodeShip
  • Buddy
  • Semaphore CI