More and more companies are developing software using open source components or open source tools. As that happens, MSPs need to help clients use them responsibly so they can comply with licensing rules.
You can’t just throw in these open source pieces and forget about them. There is the licensing part, of course, but there is also a security angle. Like anything else, your open source components have to be kept patched, or they become a security risk.
As open source tools proliferate inside every company, even SMBs, it becomes harder to track this kind of information. As the resident IT pros at these organizations, it is up to you to help make sure that your clients are compliant and up-to-date. It is, after all, why they pay you.
Often companies resort to spreadsheets to track this kind of information. The process tends to be tedious and inefficient, and it requires you to manually update your information on a regular basis. It’s a recipe for human error, and it increases the likelihood that your clients end up being non-compliant.
There’s a tool for that
Luckily, there are tools that have been designed to help automate this process. This could involve other open source tools or commercial SaaS offerings to help you manage your compliance and updates.
In fact, the Linux Foundation has a whole page devoted to open source tools developed to help you comply with licensing rules. It makes sense that this is something the open source community would embrace. You can take advantage of tools like FOSSology, which the page describes as “an open source license compliance software system and toolkit.” It works from a command line or a web interface and helps companies make sure all of their open source software is compliant.
There are also commercial tools to help, like FOSSA, which tries to take this a step further. It starts by scanning for open source software. It then checks for dependencies and looks at licensing and patching to be sure you are both in compliance and have the most up-to-date patches. Finally, you can generate detailed reports that let you see how you’re doing.
However you choose to check your client’s compliance with open source licensing — whether using an open source tool or one you have to pay for like FOSSA — it’s in your client’s best interest to know where they stand from an open source licensing compliance perspective. Having the right tools in place can help you increase your value as a managed service provider.