
Fnci Oss Third Party


DATA SHEET

Automate Attribution
Fulfillment via Third-Party
Notices Generation
Create Third-Party Notices with the Click of a Button

Organizations today have to take into account the amount of open source software (OSS) being utilized in order to develop an effective strategy for maintaining the compliance and security of the software supply chain. In many cases, it comprises upwards of 70 percent of the code. Development teams recognize that the benefits far outweigh the risks—quicker time to market, higher levels of innovation, and lower cost of ownership. In some cases, not highly leveraging open source in the development process could be a competitive disadvantage.

When open source components are used, however, that code is authored by individuals who license the use of the code to others. Licenses vary and subsequently so do the legal obligations of the user. Attribution for the author is one of those necessary obligations.

To help companies remain compliant and provide legally required attribution, Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.

KEY FACTS:

• Revenera is the leader in providing complete third-party notice attribution for open source code
• Provides automated, push-button third-party notice report generation, including the production of SBOMs
• Eliminates time-consuming manual effort of identifying and collecting actual license texts related to open source components identified in applications
• Enables organizations to be compliant with the attribution requirement which is one of the most common license obligations
• Eliminates potential legal action due to unfulfilled license obligations
• Most complete and up-to-date library of actual license texts associated with open source component versions

Create Complete Third-Party Notices for All Components

OSS licenses are legal and binding contracts between the authors and the users of a software component, declaring how software can be used and under what specified conditions. The license is what determines how to abide by the authors’ wishes. Without an open source license, the software component is often unusable by others due to the ambiguity around its proper use.

1.800.809.5659 | +44.870.871.1111 | revenera.com

Copyright © 2022 Revenera LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners.
The license text provides a complete explanation of any requirements and/or restrictions for the use of a given component and often includes the main copyright statements. For example, some questions answered include:

• Can the code be utilized in commercial software?
• Is the code only to be used in free and open source software?
• Can the code be modified?
• What type of modifications are permitted?
• How should author attribution be declared?
• Which uses are prohibited?

[Figure: Sample third-party notice report from Code Insight]

Code Insight allows users to automatically generate third-party notices for open source and third-party components. Our library provides extensive coverage of the most popular components and their associated licenses, regardless of version. And, we are collecting license text information on an ongoing basis.

Generating a report through Code Insight at the click of a button eliminates countless hours of time-consuming manual effort spent identifying and collecting the actual license texts governing the use of the open source components in applications. Development teams can generate a third-party notice report in the format of their choice and include it as part of their compliance artifacts per whatever internal process they follow.
The Relationship Between SBOMs and Third-Party Notices in Code Insight

An SBOM is a catalog of software parts (OSS/third-party/commercial) in your application. Third-party notices are attributions to all of the third-party code in a product—a lower-level view of external contributions to a product.

Code Insight from Revenera supports the management of these two things. Most companies today are driven by the need to produce SBOMs for their supply chain partners and to support their application security risk management strategy. Given that, the natural starting point is an application’s SBOM. Code Insight supports the construction of an SBOM via a combination of import, manual disclosures, and scanning.

Organizations producing software essentially have two options:

• Use a freely available industry tool to convert the SBOM to a starter notices file with component, version, and license names. However, the remaining manual work is to find the actual license text and copyright statements for each component version and incorporate them into the third-party notices report. This is typically done by an internal legal team or an outside consulting or legal agency.

• Code Insight offers support to ingest an SBOM, automatically add in the actual license text from the Revenera data library, and produce a third-party notices report. Optionally, Code Insight provides support for further building out the SBOM via deep scan and/or manual analysis capabilities down to the fragment of code.

Continuous Open Source Compliance

Managing the complexities of the entire software supply chain makes license compliance burdensome, complex, and time consuming for engineering leaders and software developers. With Revenera’s automated attribution, users protect their intellectual property from legal risk and empower engineering teams with faster, more compliant software development.

NEXT STEPS

Visit us to learn more about your open source license compliance obligations.

Revenera provides the enabling technology to take products to market fast, unlock the value of your IP and accelerate revenue
growth—from the edge to the cloud. www.revenera.com

| 765_SWM_SoftwareContainer_DS
| 889_SWM_ThirdPartyNotc_DS