Automating Audit-Grade Open Source Compliance Reports

Featuring: Rob Mason, SVP of Engineering

Applause assembles custom teams of on-demand, highly-vetted professionals around the globe, providing brands with a full suite of testing and feedback capabilities. This approach drastically improves testing coverage, eliminates the limitations of offshoring and traditional QA labs, and speeds time-to-market for websites, mobile apps, IoT, and in-store experiences.

The Challenge

When Rob Mason first took his role as Senior Vice President of Engineering at Applause, he inherited a manual process around open source software (OSS) licensing and tracking.

"The whole process for identifying and documenting open source licenses, and then providing them to customers, was awful for everyone involved. And, at Applause, it was a major challenge to continuously keep the information up to date and accurate."

The team was struggling under the load, which was not surprising: Rob found a complex SaaS platform with several languages, development tools, and a number of repositories to manage.

"We have a pretty complex SaaS system with dozens of microservices spread over many repos and developed in five primary languages using many open source packages."

The Solution

Rob went looking for a solution that would easily address the Applause team's complex needs for open source code compliance.

"When I found FOSSA, I thought it sounded too good to be true — I had never heard of a solution that could do this. During our free trial, the FOSSA app found all the dependencies and licenses. The team was also great to work with! They were always incredibly responsive when we had questions or concerns during the onboarding process."

Very quickly, Rob found FOSSA's open source license compliance solution offered a set of incredibly valuable features.

"Our largest customers and partners want proof of our compliance with open source licenses. The fact that FOSSA lets us easily export and host that information as a nice report has been extremely useful."

That value is not only internal. FOSSA gives Rob and his team leverage in providing their customers with critical information. FOSSA provides an easy way to integrate repositories, seamlessly communicate between team members, and customize reporting that can update the application as components change.

"This is a messy and tricky area. FOSSA allowed us to explain the decisions we made during the compliance process, and we always had an audit trail to refer back to."

The Results

After renewing the first cycle of Applause’s annual contract, we asked Rob why he stayed with FOSSA.

"It saves us so much time and pain since we don’t have to chase down everyone every quarter to get things lined up. Now, I have continual review of all our OSS licenses and a system to accurately track and report on them. And, even better, FOSSA eliminates the manual process to create the comprehensive list."