Organizations sometimes need to integrate third-party code into their own code. Many open source libraries offer their code for reuse, and commercial code is available at a cost. Manual processes for identifying and marking such open source components, so that the most basic license requirements (such as protection of intellectual property) can be satisfied, often prove to be a tedious chore. This is especially true for organizations that write millions of lines of code collaboratively.
Protecode Enterprise is a comprehensive Software Composition Analysis (SCA) solution that enables secure and safe use of third-party code in software products. Protecode Enterprise can be used within development and testing processes or in the legal compliance departments to manage risks arising from the use of third-party code, including open source, internally developed, outsourced, and even commercial code.
There are many benefits in managing third-party code at the earliest point in the development cycle.
Protecode Enterprise is flexible enough to offer both source code and binary analysis that easily integrates into R&D continuous integration environments.
Protecode Enterprise is a comprehensive SCA solution that ensures software signoff at various phases of the software development life cycle (SDLC), allowing for secure, safe, and risk-free use of third-party code in products.
Software Bill of Materials (BOM) Generation
Automatically generate and maintain an up-to-date software BOM. Maintaining a software BOM within R&D is the most cost-effective way for all stakeholders, from R&D to legal to maintenance, to obtain up-to-date information on the composition of software packages. Alternatively, legal and other stakeholders can run their own analyses using their preferred workflows.
Security Vulnerability Assessment
Identify and flag known vulnerabilities affecting third-party software components used in projects. Each finding carries a severity rating to help prioritize remediation of detected vulnerabilities. Automated alerts are generated when new known vulnerabilities are published against components that have already been scanned.
Comprehensive Open Source License Reporting
Produce an actionable, consolidated list of licenses and legal obligations associated with the software packages or files discovered in a software portfolio.
Deep Scanning and Snippet Detection
Detect and report on code snippets or copy/paste code embedded in files that match public domain open source files, and produce a side-by-side similarity comparison of your code and the public domain code.
Configurable License and Copyright Policies
Define your own Intellectual Property (IP) policy templates and apply them to specific scans. Define black and white lists of known licenses and copyrights, and define behaviour for custom licenses and copyrights. Protecode Enterprise automatically flags violations of your policies for further investigation. You can choose to ignore common code patterns, or adjust the sensitivity of analysis.
Export Control and Encryption Reporting
Report on published Export Control Classification Numbers (ECCNs) and encryption content in your project or code portfolio. Many countries have export controls in place that require disclosure of any encryption algorithm embedded in the product.
Supports the Software Package Data Exchange (SPDX) standard: Protecode Enterprise can read and generate SPDX files.
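To make the license-policy and SPDX features above concrete, here is an added example (not Protecode's own code) that parses a constructed SPDX 2.x tag-value excerpt and applies a hypothetical black/white-list policy template to the declared package licenses; the policy contents and package names are assumptions, and licenses on neither list are routed to manual review rather than silently passed.

```python
import re

# Constructed SPDX 2.x tag-value excerpt (sample input, not a real Protecode report).
SPDX_DOC = """\
SPDXVersion: SPDX-2.2
PackageName: libfoo
PackageLicenseDeclared: MIT
PackageName: libbar
PackageLicenseDeclared: GPL-3.0-only
PackageName: libbaz
PackageLicenseDeclared: LicenseRef-Vendor-EULA
PackageName: libqux
"""

# Hypothetical IP policy template: permitted and prohibited SPDX license identifiers.
POLICY = {
    "whitelist": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "blacklist": {"GPL-3.0-only", "AGPL-3.0-only"},
}

def parse_spdx_packages(text):
    """Map package name -> declared license; each PackageName tag opens a new record."""
    packages, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s*(.*)$", line)
        if not m:
            continue  # skip blank lines and anything that is not a tag-value pair
        tag, value = m.groups()
        if tag == "PackageName":
            current = value
            packages[current] = "NOASSERTION"  # SPDX value for 'no license stated'
        elif tag == "PackageLicenseDeclared" and current is not None:
            packages[current] = value
    return packages

def evaluate_policy(packages, policy):
    """Verdict per package: 'violation' (blacklisted), 'allowed' (whitelisted),
    or 'review' for custom/unknown licenses and missing declarations."""
    verdicts = {}
    for name, lic in packages.items():
        if lic in policy["blacklist"]:
            verdicts[name] = "violation"
        elif lic in policy["whitelist"]:
            verdicts[name] = "allowed"
        else:
            verdicts[name] = "review"
    return verdicts
```

Running `evaluate_policy(parse_spdx_packages(SPDX_DOC), POLICY)` flags libbar as a violation and sends libbaz (custom license) and libqux (no declared license) to review.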
Create reports in HTML, spreadsheet, or popular documentation formats.
Supported File Types