Open source software is pervasive. But it’s not done growing. There are more than 40m projects on GitHub today and many others in different repositories. There are trillions of lines of code in our universe. This has created a deluge of code data, the likes of which we’ve never seen before.
Understanding potential code vulnerabilities is becoming a growing priority for every company. But perhaps the best-kept secret in open source is that today’s compliance tools are neither complete nor able to scale to address this massive challenge and opportunity.
That’s why, as compliance officers and engineers, we started FOSSID just two years ago.
FOSSID is a software solution that integrates into the development process and detects all FOSS in your code base, from an entire component to a code snippet.
Having used existing tools for many years, we grew frustrated by the limited coverage of the databases. We had to manually inspect projects before adding them to our databases. And it was so slow. It was like AskJeeves in the dotcom era; they were doing everything manually. FOSSID is the Google of compliance: we do it completely automatically.
We set out to build a database that stores a massive amount of data: all the publicly available source code on the Internet. The result is never-before-seen precision in code scanning. It’s also faster; its code search algorithms scan files in milliseconds, exponentially faster than the competition. This means less time lost in development. And it’s private. Code is never uploaded or sent to the server.
Existing open source scanning tools are based on existing database technology, which isn’t built to store the amount of data required for today’s compliance needs. There are trillions of lines of code and ½ trillion snippets as of today. These databases simply aren’t designed for that. So we built our own.
What we try to do is to make it easier for companies to use open source. Our intention is to make sure engineers and compliance officers can tap into this vast resource and use as much open source as possible, protect their IP, efficiently reuse components and accelerate time to market.
We believe FOSSID will help companies accelerate new technologies going forward, technologies like blockchain, machine learning and others that are just emerging. Open source software and infrastructure are what advance the most nascent technologies at breakneck speed. Without an understanding of what’s in those software components, the benefits of open source could be moot.
We hope you’ll join us as we seek to improve open source compliance and adoption. Let us know how we can help.