The index will be able to identify third-party source code and detect any risks that might be associated with it
CAST Software has partnered with Software Heritage to create a provenance index of Software Heritage's repository. This will enable Software Heritage to assure its customers that the open-source software they use doesn't pose licensing or vulnerability risks.
The partnership is seen as a result of CAST's acquisition last fall of Antelink, a software component analysis company that holds several patents.
Software Heritage, a non-profit organisation dedicated to building a universal archive of source code, has some 88 million open-source projects with 5.6 billion source files in its repository, according to SD Times.
Lev Lesokhin, EVP of strategy and analytics at CAST, told SD Times that they have a patent for an index to search through Software Heritage and to go backwards and find the provenance, the origin, of any component in this repository.
The index, when connected to the company’s software intelligence platform CAST Highlight, will be able to identify third-party source code and detect any risks that might be associated with it, the company said.
“The lack of software intelligence around open-source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” CAST founder and CEO Vincent Delaroche said.