Open Source Compliance one Time Scan


Palamida Professional Services

Give fast, accurate details of your code for M&A and Baselines.

Get answers when you need them, through accurate, unbiased, and independent reports that identify the license and vulnerability status of open source and commercial components.

I’ve been very satisfied with the services, in particular the consultant team’s ability (and natural inclination) to crack open packages that some might not, often finding subcomponents that are licensed differently. – VP, IP Legal

For immediate information or to request a quote please contact

Mergers and Acquisitions

We’re pursuing a software M&A transaction, and we need to identify intellectual property issues as soon as possible.

The emphasis during an M&A project is on results which can impact go/no-go decisions, valuation, or remediation costs. Palamida’s value during engagements is in two areas. First, we deliver a high-quality report faster than any other approach. Second, we act as an arms-length independent third party. Due to this, target companies are more willing to share code for analysis than if they were requested to release it to the acquiring company prior to a definitive agreement.


We understand that time is critical and often start engagements the same day that a client makes contact with us. Our process ensures the highest possible confidentiality and all information is treated on a need-to-know basis. During an M&A project, our auditors can make interim reports (if requested) to enable deal teams to use the information during negotiation. The scope and depth of our analysis are tailored to the time available. Initial results focus on IP issues that represent the most challenging remediation. With additional time, we expand the reports to the forensic level so that acquiring firms can be confident that they understand the full impact of adding the target company code to their internal repositories.


How long does an audit engagement take? The time required for an analysis depends on the size of the codebase, the amount of open source and other third-party code contained, and the level of analysis specified for the engagements. While it is difficult to generalize, many are completed within 5-10 days. Access to materials is also an important factor. Timely access to a complete set of code materials allows the engagement to start and finish promptly.

What is meant by the level of analysis? We have two general levels of analysis: overview and detailed. An overview analysis concentrates on high-priority findings, including copyleft-style licenses and other priorities established for the specific engagement. A detailed report reviews all evidence found, with the objective of a much more complete record of all third-party materials. All audit engagements include a full scan of the materials and a report which details each component’s name, description, URL, license, disclosure status, and file list. Palamida PS specialists can make a recommendation based on the specifics of the situation.

What is the deliverable at the end of an audit engagement? The deliverable is a report detailing each component’s name, description, URL, license, disclosure status, and file list. If specified, the report can contain vulnerability status. In addition, we conduct a report call in which our specialists step through the report to provide clarification and answer questions. While we are not a law firm, our PS professionals can describe best practices and other examples from our experience. While such advice is always helpful, it is not a substitute for legal advice.

How much does it cost? Since we will often assign multiple analysts to a project, pricing is a function of the number of days required. On-site and weekend work is possible, and will result in additional charges. Per day pricing is on par with other professional services and consulting rates. We have tools to assist with sizing the work, and a discussion with a Palamida PS professional will help resolve questions promptly.

Internal Baselines

We have a big product release coming up, and we’re pretty sure that our current Open Source list is incomplete.

We anticipate interest from potential acquirers, and want to be ready.

We have launched an Open Source initiative and need help to get through the initial baseline scans for our products.

Our engineering VP is concerned about vulnerability issues in the Open Source components we use, and wants an analysis.

There are a number of non-M&A situations in which Palamida Professional Services can add value when the availability of additional resources and expertise is required to meet schedules or to jumpstart major initiatives. For example:

  • As the starting point for an OSS compliance program involving the use of Palamida software systems
  • When you are receiving a code drop from an outsourced supplier
  • At a key development milestone
  • When a sales contract calls for disclosure of code content
  • When you anticipate making a software project open source
  • If you anticipate interest from potential acquirers
  • IP Litigation

In all of these cases, Palamida Professional Services can supply the resources and expertise to enable predictable, accurate analysis. As with M&A projects, the scope can be tailored to the situation, from overview to detailed analysis, and all projects are treated with the same level of confidentiality. Palamida’s experience with baseline audits ranges from small audits to complete audits of extensive product lines. In many cases, these are performed in conjunction with the startup of an OSS compliance initiative that includes the use of Palamida software products. In these cases, the results of the baseline audit remain live in the system for reporting and future rescans. The process for a baseline audit is similar to an M&A engagement from the standpoint of determining the scope and level of analysis. Typically, the Palamida team will work more closely with the customer organization to transfer not only analysis results but also knowledge and best practices, so that results can more easily form the basis of an ongoing program if required. Our Professional Services team members can help you determine how and when baseline audit services make sense for your organization.
