To help its customers ensure the open-source software they use doesn’t pose licensing or vulnerability risks, CAST Software this week announced a partnership with Software Heritage under which CAST will create a provenance index of the heritage’s repository.
RELATED CONTENT: Preserving software’s legacy
The partnership is a result from CAST’s acquisition last fall of Antelink, a software component analysis company that holds several patents that underlie CAST’s ability to index the repository.
Software Heritage, a non-profit dedicated to building a universal archive of source code, has some 88 million open-source projects with 5.6 billion source files in its repository. Lev Lesokhin, EVP of strategy and analytics at CAST, described it as “the largest repository out there. The patents we acquired with this technology that we bought has a patent for an index to search through Software Heritage, to be able to go backwards and find the provenance, the origin, of any component in this repository. Without this index it’s a brute-force search that’s like impossible to do,” Lesokhin told SD Times.
The index, when connected to the company’s software intelligence platform CAST Highlight, will be able to identify third-party source code and detect any risks that might be associated with it, the company said.
“The lack of software intelligence around open-source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” CAST founder and CEO Vincent Delaroche said in the announcement. “Business leaders should be aware when open source and other external components in code expose their organization to non-compliance, legal action and possible loss of proprietary IP.”
CAST Software has always been about software intelligence, and last October, built SCA capabilities into its Highlight product, Lesokhin said, enabling the company to go after WhiteSource and Black Duck in the open-source software analysis market, Lesokhin said.