Developers often incorporate third-party software or other software modules into software applications and codebases to add desired functionality, reducing the burden of developing particular functionality internally. For example, the growing number of quality open source software products has significantly reduced software development time at minimal cost. However, individuals and organizations making use of third-party software must manage the quality and security vulnerabilities of the software, as well as ensure compliance with the license obligations associated with the software; failure to do so may lead to serious financial and legal repercussions.
As the size of a software codebase grows, managing incorporated software components becomes increasingly complicated. For example, third-party software may be part of or used by multiple software files within a codebase by virtue of insertion into multiple software components, file duplication, and copying and pasting of code segments. Further, software code such as third-party code may be modified or adapted for various uses, potentially interspersing, for example, third-party code with internally written code. Additionally, small snippets of code, such as malicious code or other vulnerability-causing code, may be introduced into a codebase. Manual tracking of software components is insufficient for determining the location or locations of these types of software code, and a robust automated solution is needed to ensure software security and compliance with license obligations.