Open source usage is playing an increased strategic role in today’s software companies. According to the 2015 Future of Open Source survey, two-thirds of respondents said their companies create software for customers built on open source, and more than that said they consider using open source before other options. This requires you to make changes to your ALM process.
Do you know how to implement open source management in your software's lifecycle?
Once the requirement definition and design are complete, the actual coding begins. The usage of open source components in coding commercial software is rising as more companies understand they should let their developers focus on the mission critical parts of their software, rather than reinvent the wheel.
If you are using open source components, you need to verify the licenses, security, and versioning of each open source component your developers are adding. This can save significant time; and problems from occurring in later stages. Most companies require their engineering to maintain a spreadsheet with all of the open source components they are using. This is a time consuming and tedious task, but a critical one (although there are alternatives to manual documentation).
During the build you need to check your open source components more thoroughly to ensure that the code you are implementing will not negatively impact your company’s goals. This process should be to identify all your open source licenses and check it against your company policy.
You should be aware that although some open source licenses, like the BSD, Apache, and MIT, are quite liberal and basically let you use the software any way you want as long as you attribute the original developer. Others, like the GNU licenses, play well with other software licensed as open source but make life difficult for proprietary offerings. These could be catastrophic for your company to discover after deployment.
All the hard work of your team in the previous stages will come under a microscope at this phase. And this is also the case regarding you open source components. This is the time to take care of all the special cases identified during the build stage and run the necessary approval processes. Be sure that your approval and review process is open, well-documented and transparent to avoid major issues after launch.
In addition, the open source community is quick to find and fix bugs and security vulnerability, so be sure to check new versions or updates for the open source components you are using. Doing this manually is a hard task, but there is an automated solution that alerts you whenever a security issue has been found or a new update has been released.
The process does not end with the deployment of your software. You will need to provide complete and comprehensive reports on demand as part of your EULA (End User License Agreement) for your product, for partnerships or for audits. This effectively lets you prove compliance whenever required. Of course with open source components keeping up-to-date on current licensing requirements, code changes, and security breach issues can be an exhausting and never-ending time waster for your developers.
WhiteSource can take the frustration out of continuously trying to keep track of open source components and their licenses by automating open source management to allow your team to focus on building great products.
WhiteSource integrates with your build tools and becomes part of your continuous integration environment. It automatically identifies all the open source components (including all dependencies) and provides you with full inventory and licenses reports.