Supply Chain (SCM/SCE)Supply Chain Management (SCM) Software, Supply Chain Optimisation, Supply Chain Execution, hardware transport, supply-chain, distribution software, freight software and load planning in manufacturing and supply chain applications.
CAST and Software Heritage Partner to Create World’s Largest Provenance Index of Publicly Available and Open Source Code
CAST, the leader in Software Intelligence, and Software Heritage, the universal archive of source code, today announced a key partnership to create a provenance index of the world’s largest open archive of software source code.
Leveraging a unique indexing technology developed through this partnership, users will be able to efficiently search the Software Heritage platform to identify the original occurrence of any given source file, as well as all its subsequent occurrences. This provides unprecedented insight into the evolution of software development.
When connected to CAST Highlight, this index will provide lightning-fast identification of third-party source code across more than five billion known source code files, enabling better detection of external code, license risks and vulnerabilities.
“The lack of Software Intelligence around open source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” said Vincent Delaroche, Founder and CEO at CAST. “Business leaders should be aware when open source and other external components in code expose their organization to non-compliance, legal action and possible loss of proprietary IP.”
CAST’s partnership with Software Heritage comes on the heels of the company’s 2018 acquisition of Antelink, the Software Composition Analysis (SCA) company, and all its associated patents from the Inria research institute. These patents will be leveraged in the source code provenance index partnership.
Software Heritage is an established non-profit initiative to build the universal archive of software source code. It is supported by Microsoft, Intel, Google, GitHub, as well as leading corporations such as Société Générale, academia and the public sector. Already tracking more than 5.6 billion source files from more than 88 million projects, including Debian, GitHub, GitLab, Gitorious, GoogleCode, GNU, the Python Package Index and more, the Software Heritage archive has the unique ability to trace detailed revision history of all codebase versions its stores.
“Together with Software Heritage, we are creating the most comprehensive and automated solution for managing third-party license and security risk across the global software supply chain,” said Olivier Bonsignour, EVP of CAST R&D. “The resulting Software Intelligence generated from CAST’s unique and patented reverse-engineering technology will deliver real-time visibility into outdated or vulnerable components that need to be addressed as a priority for optimal operations and software security.”
Roberto Di Cosmo, Founder and CEO of Software Heritage, added: “We are thrilled to welcome CAST as a key partner, joining us in our endeavor to collect, structure and preserve the precious knowledge embedded in source code and make it broadly accessible. CAST shares our vision, and together we are building an efficient provenance index on the Software Heritage archive to deliver unprecedented insight into software design and pave the way for better software development.”