How to Successfully Implement Open Source Management in your ALM?

July 15, 2015 Maya Rotenberg

Open source usage is playing an increased strategic role in today’s software companies. According to the 2015 Future of Open Source survey, two-thirds of respondents said their companies create software for customers built on open source, and more than that said they consider using open source before other options. This requires you to make changes to your ALM process.

Do you know how to implement open source management in your software's lifecycle?

Code

Once the requirement definition and design are complete, the actual coding begins. The usage of open source components in coding commercial software is rising as more companies understand they should let their developers focus on the mission critical parts of their software, rather than reinvent the wheel.

If you are using open source components, you need to verify the licenses, security, and versioning of each open source component your developers are adding. This can save significant time and prevent problems from occurring in later stages. Most companies require their engineering teams to maintain a spreadsheet of all the open source components they are using. This is a time consuming and tedious task, but a critical one (although there are alternatives to manual documentation).

Build

During the build you need to check your open source components more thoroughly to ensure that the code you are implementing will not negatively impact your company’s goals. This process should identify all of your open source licenses and check them against your company policy.

You should be aware that some open source licenses, like the BSD, Apache, and MIT licenses, are quite liberal and basically let you use the software any way you want as long as you attribute the original developer. Others, like the GNU licenses, play well with other software licensed as open source but make life difficult for proprietary offerings. Discovering such a license only after deployment could be catastrophic for your company.
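As an added example, not code from the original post or from WhiteSource: a small check of the kind the build stage calls for, resolving each component's license against a company policy. The inventory rows, component names and the policy table are constructed for illustration, not a legal determination; the check also handles "OR" and "AND" license expressions, which is where manual spreadsheet review most often goes wrong.

```python
# Added example: check an open source inventory against a license policy.
# Policy values and inventory rows are constructed for illustration.
import csv
import io

# Policy for a proprietary product: permissive licenses are allowed (with
# attribution), weak copyleft needs review, strong copyleft is denied.
POLICY = {
    "MIT": "allow",
    "BSD-3-Clause": "allow",
    "Apache-2.0": "allow",
    "LGPL-2.1": "review",     # linking terms need a case-by-case decision
    "GPL-2.0": "deny",
    "GPL-3.0": "deny",
}
# Ordering used to combine decisions; anything not in POLICY is "unknown".
RANK = {"allow": 0, "review": 1, "deny": 2, "unknown": 3}

def decide(expression: str) -> str:
    """Resolve an SPDX-style expression (no parentheses) to a decision.
    'A OR B' lets us pick the most permissive option; 'A AND B' binds us
    to all of them, so the strictest decision wins. OR is split first
    because AND binds tighter in SPDX."""
    if " OR " in expression:
        return min((decide(p) for p in expression.split(" OR ")), key=RANK.__getitem__)
    if " AND " in expression:
        return max((decide(p) for p in expression.split(" AND ")), key=RANK.__getitem__)
    return POLICY.get(expression.strip(), "unknown")

def check_inventory(csv_text: str) -> list:
    """Return one finding per component: its row plus a policy decision."""
    return [{**row, "decision": decide(row["license"])}
            for row in csv.DictReader(io.StringIO(csv_text))]

# Constructed inventory in the spreadsheet layout the post mentions.
INVENTORY = """\
name,version,license
leftpad-like,1.2.0,MIT
httpclient,4.5.1,Apache-2.0
dualdb,2.0.0,MIT OR GPL-2.0
netkit,0.9.3,LGPL-2.1 AND BSD-3-Clause
blobstore,3.1.4,GPL-3.0
mysterylib,0.0.1,SEE LICENSE IN README
"""

if __name__ == "__main__":
    for f in check_inventory(INVENTORY):
        print(f"{f['decision']:8} {f['name']} {f['version']} ({f['license']})")
```

Components that resolve to "review", "deny" or "unknown" are the special cases to carry into the test stage's approval process.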

Test

All the hard work of your team in the previous stages will come under a microscope at this phase, and this is also the case for your open source components. This is the time to take care of all the special cases identified during the build stage and run the necessary approval processes. Be sure that your approval and review process is open, well-documented and transparent to avoid major issues after launch.

In addition, the open source community is quick to find and fix bugs and security vulnerabilities, so be sure to check for new versions or updates of the open source components you are using. Doing this manually is a hard task, but there is an automated solution that alerts you whenever a security issue has been found or a new update has been released.

Release

The process does not end with the deployment of your software. You will need to provide complete and comprehensive reports on demand as part of your EULA (End User License Agreement) for your product, for partnerships or for audits. This effectively lets you prove compliance whenever required. Of course, with open source components, keeping up to date on current licensing requirements, code changes, and security breach issues can be an exhausting and never-ending time waster for your developers.

WhiteSource can take the frustration out of continuously trying to keep track of open source components and their licenses by automating open source management to allow your team to focus on building great products.

WhiteSource integrates with your build tools and becomes part of your continuous integration environment. It automatically identifies all the open source components (including all dependencies) and provides you with full inventory and license reports.

 
