Information security firm OpenLogic announced on Wednesday a product that will scan Windows, Linux and Solaris machines for all installed open source software.
OpenLogic Discovery will help enterprise customers inventory their installed open source software to help them remain compliant with internal policies.
Using OpenLogic Discovery’s graphical or command line interfaces, users can scan a computer for installed open source packages, including packages that were not explicitly installed but were bundled with other software. OpenLogic Discovery then provides a detailed inventory of the open source software identified on the company’s computer system.
“Our large enterprise users have told us because open source products often come in the back door there is no way of knowing what is installed,” Rod Cope, cofounder and CEO of OpenLogic, told LinuxInsider. “This causes problems in accurately tracking projects, licenses and product versions for which a company may be legally responsible.”
The free download will be available from OpenLogic starting May 15 as a beta release, noted Kim Weins, the company’s vice president of marketing.
OpenLogic will release the official, non-beta version of OpenLogic Discovery on June 15, she added.
“Companies can’t manage what they don’t know they have,” she said in explaining the need for the program. “We hope our customers will get acquainted with our commercial auditing and security products once they use the free program.”
Why Use It?
OpenLogic Discovery is a first-of-its-kind offering, according to Cope. It fills a gap in available tools in working with open source programs because open source packages do not register with the operating system.
“Because open source is often downloaded by individual developers, most enterprises do not know what open source software is deployed in their organization,” said Steve Grandchamp, CEO of OpenLogic. “Open source software has revolutionized corporate software development for the better, but there can be risks, costs and liabilities if the enterprise doesn’t know what open source software is being deployed. OpenLogic Discovery enables companies to become more aware of open source usage in their IT environment and better manage some of those risks.”
What It Does
OpenLogic Discovery identifies installed open source software through both a graphical interface and a command line interface. The scanning engine detects open source installations whether they were installed explicitly or bundled with other software products.
OpenLogic Discovery identifies software by digital fingerprints, checking the fingerprints against a library of more than 5,000 versions across 800 of the most commonly used open source packages, according to company officials.
OpenLogic Discovery’s command line interface lets users integrate with existing software deployment or software asset management systems in order to inventory installed open source software on multiple systems.
After scanning a system, OpenLogic Discovery provides a detailed inventory on all of the open source software detected. An XML reporting format lets users aggregate results into a database or reporting system.