DejaCode is a software created by nexB that helps companies manage open source license compliance. It allows importing software component data from various sources, organizing data by product, and automating compliance with open source obligations. Key features include a product portfolio to record software inventories, a component catalog of third-party software, and a license library. DejaCode can be accessed as a cloud-based service or installed on-premises. nexB also offers identification services to scan source code and generate a bill of materials listing all open source components.
Managing open source license compliance with DejaCode
1. Managing open source software license compliance with DejaCode
June 2015
Copyright 2015 nexB Inc.
2. Agenda
• About nexB
• Software Component Management
• DejaCode
• Trial
• Identification as a Service
- DejaCode is a Trademark of nexB Inc.
3. About nexB
• Our business is software component management
o Current focus on managing license compliance risks
o Primary product is an enterprise system for tracking all software components in your products
o Plus practical solutions for integrating software engineering systems with enterprise systems
• We offer:
o DejaCode™ - SaaS or on-premises
o Open Source discovery and identification services (a.k.a. software audit, scanning) for products and acquisitions
o Open Source scanning and attribution generation tools
• We are:
o Software provenance analysis experts
o Active open source developers & Linux Foundation member
o Co-founders of SPDX project - http://spdx.org/
4. Software Component Data Management
• Most companies have software component data in many formats in many places, without an approval process for third-party code
o Components in Version Control systems and Repos
o Reports from internal and/or external software audits
o FOSS disclosures from suppliers
o Contracts for proprietary components
Page Content Copyright 2010 by Linux Foundation
5. Software Component Data Management
• Organizing and sharing software component data is becoming a bigger problem than acquiring it
• nexB created DejaCode to address this problem
o Import data from any system or source
o Manage data by Product with approval workflows
o Automate compliance with FOSS obligations
7. DejaCode - Product Portfolio
• Record a Software Inventory for a Development codebase
• Record a Software Bill of Materials for a Product Release
• A Software Inventory or BOM can include:
o Your original components
o Third-party components
o FOSS components
• Import data from software audits or source code management systems
8. DejaCode - Component Catalog
• Catalog of open source, third-party and other software components
• Data includes: origin, author, license, URLs, language, functionality, usage, etc.
• Apply your policies to components – Approved, Prohibited or Review Required
• nexB provides and updates master data from public sources (e.g. OSS and free proprietary)
• You can add your own component data elements
9. DejaCode - License Library
• Library of open source and other software licenses
• Data includes full license text, author, URLs, definition of obligations, restrictions and other terms
• Apply your policies to licenses – Approved, Prohibited or Review Required
• nexB provides and updates master data from public sources (e.g. OSS and free proprietary)
• You can add your own license data elements
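The Product Portfolio, Component Catalog and License Library slides describe one workflow: each component in a Bill of Materials carries a license, and both components and licenses are assigned a policy status of Approved, Prohibited or Review Required. The following is an added illustration of that workflow, not DejaCode's own code. It assumes SPDX-style license identifiers and expressions, a constructed policy table, a constructed component-level override table, and a constructed sample BOM; the names `LICENSE_POLICY`, `COMPONENT_POLICY`, `evaluate_expression`, `check_inventory` and `release_blocked` are this example's own. It goes slightly beyond the slides by reducing compound license expressions (AND / OR) to a single status, with an unknown license never silently approved.

```python
"""Policy check over a constructed software inventory (added example, not
DejaCode code). Models the Approved / Prohibited / Review Required statuses
applied to each component of a Bill of Materials."""
import re
from dataclasses import dataclass

APPROVED, REVIEW, PROHIBITED = "Approved", "Review Required", "Prohibited"
SEVERITY = {APPROVED: 0, REVIEW: 1, PROHIBITED: 2}

# Constructed license policy keyed by SPDX identifier; organization-specific in practice.
LICENSE_POLICY = {
    "MIT": APPROVED,
    "Apache-2.0": APPROVED,
    "LGPL-2.1-only": REVIEW,
    "GPL-3.0-only": PROHIBITED,
}

# Constructed component-level policy. A component decision overrides its license
# policy, e.g. a package banned for a security reason although its license is fine.
COMPONENT_POLICY = {
    ("leftpad-clone", "1.0"): PROHIBITED,
}

_TOKEN = re.compile(r"\(|\)|\bAND\b|\bOR\b|[A-Za-z0-9.+-]+")


@dataclass
class Component:
    name: str
    version: str
    license_expression: str


def evaluate_expression(expr, policy=LICENSE_POLICY):
    """Reduce an SPDX-style license expression to one policy status.

    AND: every license's obligations apply, so take the most severe status.
    OR:  the integrator may choose the friendliest license, so take the least severe.
    A license missing from the policy table yields Review Required.
    AND binds tighter than OR, as in SPDX expressions.
    """
    tokens = _TOKEN.findall(expr)
    pos = 0

    def parse_or():
        nonlocal pos
        status = parse_and()
        while pos < len(tokens) and tokens[pos] == "OR":
            pos += 1
            status = min(status, parse_and(), key=SEVERITY.__getitem__)
        return status

    def parse_and():
        nonlocal pos
        status = parse_atom()
        while pos < len(tokens) and tokens[pos] == "AND":
            pos += 1
            status = max(status, parse_atom(), key=SEVERITY.__getitem__)
        return status

    def parse_atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            inner = parse_or()
            pos += 1  # consume the closing parenthesis
            return inner
        return policy.get(tok, REVIEW)

    if not tokens:
        return REVIEW  # empty or unparseable expression needs a human look
    return parse_or()


def check_inventory(components):
    """Return (name, version, status) for every component; component policy wins."""
    findings = []
    for comp in components:
        status = COMPONENT_POLICY.get((comp.name, comp.version))
        if status is None:
            status = evaluate_expression(comp.license_expression)
        findings.append((comp.name, comp.version, status))
    return findings


def release_blocked(findings):
    """A release containing any Prohibited component should not ship."""
    return any(status == PROHIBITED for _, _, status in findings)


# Constructed sample Bill of Materials for a product release.
SAMPLE_BOM = [
    Component("requests", "2.7.0", "Apache-2.0"),
    Component("dualparser", "0.3", "MIT OR GPL-3.0-only"),
    Component("libfoo", "1.2", "LGPL-2.1-only AND MIT"),
    Component("leftpad-clone", "1.0", "MIT"),
    Component("mystery", "0.1", "Custom-EULA"),
]

if __name__ == "__main__":
    results = check_inventory(SAMPLE_BOM)
    for name, version, status in results:
        print(f"{name} {version}: {status}")
    print("release blocked:", release_blocked(results))
```

Running the block lists each component with its status (`dualparser` is Approved because the OR lets you pick MIT, `libfoo` is Review Required because the AND carries the LGPL obligations, `leftpad-clone` is Prohibited by the component override, `mystery` is Review Required because its license is unknown) and reports the release as blocked. In a real deployment the policy tables would be the organization's curated catalog and library data rather than constants.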
10. DejaCode - Technology
• Browser-based application
• Written in Python on the Django framework
• PostgreSQL database
• Runs on Linux (Ubuntu as primary distro)
11. Trial
• Delivered as a Service with your “private” database
o http://www.dejacode.com/
o Pricing: Four subscription options - http://www.dejacode.com/pricing.html
• On-premises option
• 30 Day trial - http://www.dejacode.com/trial.html
• Free personal edition to view DejaCode component and license data
o https://enterprise.dejacode.com/
o No registration required
• Contact
o Pierre Lapointe, Customer Care Manager
o plapointe@dejacode.com / +1 (415) 287-7643
12. nexB: Identification as a Service
• Comprehensive process
o Inventory of all OSS and third-party components in Development codebase(s)
o Bill of Materials for Deployed product components
• Combination of tools
o ScanCode (primary tool)
o Other tools used as required by a customer (open source or commercial)
• 2 to 4 week process, fixed fee quote
• We identify specific Issues and recommended Actions for resolution
13. Glossary / Acronyms
• Software Provenance:
o Provenance = Place of source or origin, history of ownership
o You need to know the origin/author of a component (e.g. Apache Foundation) in order to know the license
o and how you may have acquired a copy – from a forge or website or a supplier or ?
• FOSS: Free and Open Source Software
o Includes free, but not open source, components like Oracle/Sun Java libraries under the Binary Code License
• SPDX: Software Package Data Exchange
o http://spdx.org/
o Emerging standard for exchanging software license data
o Sponsored by Linux Foundation