Open Source Compliance Suite

Get Your Code Ready for Investor and Client Diligence

Sign up for beta access

"I worked on M&A at a variety of companies that acquired all sorts of different kinds/stages of startups. They rarely are compliant with even simple notice licenses (don't bother to post notices), let alone any of the more restrictive licenses."
- D. Berlin, Google Lawyer

Modern software projects rely on hundreds, if not thousands, of open-source code packages. Using open source can save valuable engineering time, but also creates legal responsibilities.

Before you close a funding round or sign up a major enterprise customer, your investors and clients will ask:

  • Exactly what open-source packages are contained in your product?
  • Are you following the license terms of each package, including displaying legal notices and publishing your in-house modifications, where required?
  • Do you have valid Contributor License Agreements (CLAs) with all outside open-source contributors?
  • Are you using open-source code that is no longer maintained by its authors, suffers known security flaws, or originates in an embargoed country?

CorePlane will scan your codebase, flag potential issues, and document your open-source compliance, continuously and automatically.

Track open source in your product

Automatically create a file that lists all your open-source dependencies, including licenses, copyright owners, and any required legal text. Receive GitHub pull requests for updates on a configurable schedule, or anytime on demand.

Ensure license compatibility

Automatically flag dependencies that have license terms incompatible with your project. For example, some projects may need to avoid using GPL-licensed dependencies.

Support audits and legal diligence

Export data products to satisfy your security audits and IP diligence, such as an Excel spreadsheet listing all your dependencies with complete license and ownership data.

Verify open-source licenses, even if the package has missing or incorrect data

More than half of all open-source packages have missing or out-of-date ownership and license data. CorePlane uses machine learning and an expert-optimized database of dependencies to track down and repair inaccurate information.

Monitor quality of your open-source dependencies

Identify packages that have been abandoned by their authors, or suffer from known security vulnerabilities.

Accept and track Contributor License Agreements

CorePlane keeps a digital “paper trail” for outside contributions, ensuring that your intellectual property is protected.

Join our beta program

© 2019 CorePlane