Governance Edition

Governance Edition contains the request and approval workflow features, but not the scanning and analysis features. This edition is designed for organizations that wish to start their compliance program with a focus on developer disclosure instead of scanning. This approach minimizes the requirements for staffing an analysis function, yet allows organizations to generate disclosures (Third Party Notices) based on developer disclosures. Governance Edition can be upgraded to Enterprise Edition easily at any time.


Request and Authorize

Palamida's system for request and approval is the result of close collaboration with some of the largest software companies in the world.

Start Early in the Development Cycle

The goal is to enable developers to request the use of Open Source components during development and receive authorization, either automatically or after review by the appropriate stakeholders. In the process, organizations have the opportunity to enforce their usage policy and to record and maintain information about the component, such as where it is used, its license, modifications, and other relevant data. The request form is flexible and can be tailored to the requirements of the organization.

Latest Product Features

  • Model a broader set of workflow processes by using new field types, conditional defaults, and conditional possible values.
  • Alter workflow routing as you go by using people-picker fields to select reviewers, reassigning a request to a new owner, and using the new custom user data source connector.
  • Deliver legal guidance to requesters by using legal templates.
  • Maintain attorney-client privilege by using private fields and comments.
  • Consolidate the use of OSS components across the development team through prioritized component search results, with important components on top.
  • Provide visibility to the entire request review process via request history.

Policy Framework

Palamida provides a policy framework that is consistent across the upfront request workflow and the evaluation of scan results. Policies are based on Component, Version, and License, but can also include rules based on fields on the request form. For example, by including field of use as part of a policy rule, certain licenses could be approved for internal use but not for products that are distributed externally. Policies can be created in advance of scanning or request workflow, and can be updated during review of scan results. Policy status is reported throughout the product.

The "QuickReview" feature allows stakeholders from development, legal and security to efficiently review the status of a completed scan project. During quick review, policy status is clearly visible and the review team has the option to approve/reject, comment, assign action items, or request a full request workflow.


Manage IP Compliance

Accurate scan results plus tools for policy creation, legal guidance and more make compliance accurate and consistent.

The New Software Supply Chain

A modern software development project relies increasingly on Open Source software. On a typical project, Palamida’s professional services team currently sees an average of over 50 percent Open Source content, based on lines of code, drawn from over 100 different Open Source components. More and more organizations are recognizing the supply chain analogy and its implications for Intellectual Property compliance.

IP compliance has five components:

Policy Creation

Policies are based on component, version and license, plus additional criteria based on request form fields if needed. For example, by including field of use as part of a policy rule, certain licenses could be approved for internal use but not for products that are distributed externally. Policies can be created in advance, and can be updated during review of scan results. Policy status is visible throughout the system.

Legal Guidance to Developers

A Legal Guidance function establishes a single point for creating and distributing specific information on a license-by-license basis at the time a developer requests to use an Open Source component. For example, the guidance could contain instructions such as "do not remove copyright statements", or "include the copyright notice in license.txt".

Creating the Bill of Materials

Create a BOM via request workflow and via scanning and analysis, as described above.

Remediation of IP issues

The "QuickReview" feature allows stakeholders from development, legal and security to efficiently review the status of a completed scan project. During quick review, policy status is clearly visible and the review team has the option to approve/reject, comment, assign action items, or request a full request workflow.

Production of compliance reports

A number of reports are available. Of these, the most important is an accurate third party notices report. Enterprise Edition includes an automated report that is suitable for export as a shippable element of a delivered software product.


Contact Us to Schedule A Demo

Let us put our years of experience to work for you. Our sales and support team has worked with companies from start-ups to some of the world’s largest firms and has a broad portfolio of best practices. Please contact us to start the discussion.
