With more than 1,000 repos, multiple CI/CD pipelines, and multiple tools and DevOps workflows executing numerous concurrent builds per day, Zendesk needed an open source management solution that could grow with the needs of the business without overtaxing the legal and engineering teams. The legacy solution in place was built for a time when software development consisted of periodic releases and limited open source usage. As a result, it produced a massive result set with too many false positives, which required significant engineering and legal time to review.
“With our legacy solutions, every scan spit out so many results it was impossible for a small team to review, understand what issues were relevant, and take action. FOSSA provides the exact information I need so I can address any issues quickly and easily.”
Zendesk needed a comprehensive, real-time approach to open source license compliance. Designed specifically to integrate into the modern CI/CD pipeline and provide insight into license issues and remediation guidance throughout the SDLC, FOSSA was the exact solution Zendesk needed for its continuous compliance requirements.
FOSSA scans code dependencies in both GitHub repositories and build servers to catalog all open source components and their associated licenses before deployment, shifting compliance left and automating compliance workflows.
In an environment where slowing down wasn’t an option, FOSSA delivered a working process within days and covered every part of development without getting in the way.
“FOSSA enabled new, collaborative workflows across our engineering and legal teams that weren’t possible with our legacy tools and processes.”
FOSSA’s on-demand database and issue management capabilities enable Zendesk’s engineering and legal teams to seamlessly collaborate throughout the software development lifecycle to maintain open source license compliance. According to Patrick Lonergan, Associate General Counsel - Intellectual Property, “With FOSSA, I use 99% less of my engineering team’s time and only require their support on issues that matter.”
FOSSA enabled unparalleled efficiency in two ways. First, FOSSA directly integrates with the existing CI/CD tools relied on by Zendesk’s engineering team. Second, FOSSA's UI provides purpose-built interactive workflows and audit-grade reports for the legal team. Together, these provide improved developer efficiency while allowing a small legal team to support hundreds of developers across thousands of projects.