1. Field
Embodiments of the systems and methods described herein are generally related to software and source code analysis.
2. Background
Developers often incorporate third-party software into software applications and codebases to add desired functionality, reducing the burden of developing that functionality internally. For example, the growing number of quality open source software products has significantly reduced software development time at minimal cost. However, individuals and organizations making use of third-party software must manage the quality and security vulnerabilities of the software, as well as ensure compliance with license obligations associated with the software; failure to do so may lead to serious financial and legal repercussions.
As the size of a software codebase grows, managing incorporated third-party software components becomes increasingly complicated. For example, third-party software may be part of or used by multiple software files within a codebase by virtue of insertion into multiple software components, file duplication, and copying and pasting of code segments. Further, third-party code may be modified or adapted for various uses, potentially interspersing third-party code with internally written code. Manual tracking of third-party software is insufficient for this purpose, and a robust automated solution is needed to ensure software security and compliance with license obligations.