Black Duck Software, a global leader in securing and managing open source software, today announced new deep binary analysis capabilities added to Protex, its industry-leading solution for managing open source compliance.
Protex helps organizations understand which licenses govern the modification, use and distribution of open source binaries and source code in their code base. Building on Protex’s license-compliance capabilities, the Protex Binary Analysis Tool integration offers deeper analysis of custom binaries that may include open source code carrying additional license obligations and restrictions.
Companies have the complex task of shipping legally compliant software, often without knowing the origin of code they embed from suppliers. While suppliers are asked to provide a list of open source software used and associated licenses, companies need to verify the accuracy of the reported information to fully protect their intellectual property.
However, because code is often only provided in binary form, it is challenging both to verify what specific open source software is in use, and to identify the associated licenses and obligations. This lack of information can expose organizations to potentially costly and time-consuming legal risks, jeopardizing their software assets.
The Binary Analysis Tool (BAT) is open source software created by Tjaldur Software Governance Solutions. BAT analyzes data from more than 30 types of compressed files, file systems, installers, etc., to identify use of open source software.
The Protex BAT Integration offers customers not only access to Black Duck’s KnowledgeBase, which has more than 1.2 million open source projects and licensing data, but also an additional BAT KnowledgeBase with compliance data on 200,000 open source binary packages. Together, Protex and its integration with BAT yield a complete picture of open source software usage and associated license compliance risk on both source code and binary files – in a single view.
“Companies in software supply chains are increasing their awareness of license compliance issues in their suppliers’ code to avoid costly litigation. The Protex Binary Analysis Tool integration combines the power of the Binary Analysis Tool with Protex to provide supply chains with a way to look at both their source code and their binaries to ensure they are shipping without any license issues,” says Armijn Hemel, owner of Tjaldur Software Governance Solutions, and founder of the Binary Analysis project.