Auditing Your Company's Use of Open Source: Checklist for Creating an Open Source Compliance Program

Open source is now a key part of any software strategy, with 77% of Enterprises including open source in commercial products. To ensure your company can reap the benefits from a rapid adoption of open source technologies, you need to have a strategy to manage your open source consumption responsibility.

What you'll learn

FOSSA has partnered with leaders in open-source from foundations like OpenChain and Open Source Program Office experts from companies like Uber, Verizon Media, Ford, and TDAmeritrade to assemble and share these best practices in developing open source compliance programs.

Modern technologies that form the backbone of major technological innovations all have roots in open source — from microservices to agile CI/CD, from digital transformation to artificial intelligence (and we could go on). From lowering the total cost of ownership (and decreasing time to market) to improving development practices and product quality, open-source comes with clear benefits to your business.

Creating an Open Source Compliance Program: Auditing Your Company’s Use of Open Source discusses:

The checklist you need to create, run and maintain an Open Source Compliance Program

The creation of your Open Source Compliance policies

Initiating your compliance program rollout

Iterating and expanding your program across new products and business units


Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for security management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get

complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows. FOSSA enables organizations like Uber, Zendesk, Twitter, Verizon, Fitbit, and UiPath to manage their open source at scale and drive continuous innovation.

Use Cases

Risk Mitigation

FOSSA users benchmark 47% fewer false-positives by finding dependencies they actually rely on earlier in the SDLC.

Continuous Compliance

Get 90% faster insight in your CI/CD workflows — an average of four weeks shorter compliance implementation time.

Due Diligence

Only FOSSA delivers the most complete open source audit for IPOs and M&As plus 5% annualized engineering savings in the first week alone.