Standard Edition

Standard Edition contains the scanning and analysis features, without the request and authorization workflow. It is designed for organizations that need to focus first on analysis of code content, perhaps because of an immediate requirement for disclosures (Third Party Notices). Standard Edition has all of the scanning and analysis features of Enterprise Edition, and can run on a single laptop for small organizations or on a higher capacity server when more throughput is needed. It can be upgraded to Enterprise Edition easily at any time.


Scan and Analyze

Palamida is the leader in advanced techniques to identify Open Source and other third party software in use within your development projects.

The Palamida scan engine

The Palamida scan engine is optimized for analysis of source and binary files using a number of detection techniques. Detection of Open Source materials is based on comparison of the target codebase with the contents of the Palamida Compliance Library, a large database containing over two million Open Source projects in over 20 languages. Palamida continuously updates its Compliance Library with new Open Source releases using both automated and manual techniques. The combination of detection techniques and the comprehensive coverage of Open Source in the Compliance Library ensures that analysis with the Palamida system produces accurate and timely results, down to the version level.

Palamida contains a portfolio of analysis tools from fully automated to special purpose to enable detailed analysis of both source and binary code.

Source Code

Unlike a web search engine which has a single search parameter per search, the Palamida search scan engine breaks a source code file into many individual searches (“snippets”) so that the system can identify partial matches to open source. Matches from the most likely origin file are highlighted in yellow, and matches from other files are highlighted in a different color to ensure that the analyst has a complete picture for the case in which code from multiple files is combined in a single file.

Licenses

Files are scanned for license text. Detected licenses are displayed as a group, and the file tree can be filtered to show only the files containing the matching license. When a specific file is selected, the matching text is highlighted.

URLs and email addresses

Files are scanned for text that matches patterns typically used for URLs and email addresses. After scanning, URLs or emails can be selected and the corresponding scan results are displayed in list form. Individual URLs or emails can be selected and the file containing them can be viewed. URLs are highlighted when viewing the file contents.

Palamida AutoExpert™ Rules

A continuously updated and growing set of detection rules makes analysis of scan results increasingly automated. Palamida creates rules both from human analysis of the most commonly used Open Source projects and from automated analysis of repositories. Over 1.2M rules are available today. Users can also create their own rules to automate reporting of items that are unique to their projects.

Binary

A file hash is compared against known OSS file hash values from the Palamida Compliance Library, and matches are reported in the file tree as exact matches. Once a file is selected for further analysis, the components and versions of Open Source projects that match the selected file are displayed. In addition, string, copyright, license text, and email/URL detectors are available for text that survives compilation. Increasingly, scan results with exact matches are analyzed automatically.

Copyrights

Files are scanned for text that matches patterns typically used to express copyrights. After the scan, copyrights are displayed in list form. Individual copyrights can then be selected and the file containing them can be viewed. The detected copyrights are highlighted.

Text Strings

Specific text is often a good indicator of third party code. For example, “taken from” is an obvious signal for further investigation. Once detected, the strings are displayed in list form so that the analyst can view the files. String results are highlighted when viewing the file contents.
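The binary hash match and the copyright, URL/email and text-string detectors described above, combined in one small scanner as an added illustration; this is not Palamida's code, and the "compliance library" of hashes, the regular expressions and the sample files are all constructed for the example.

```python
import hashlib
import re

# Constructed stand-in for the Compliance Library: SHA-256 of a known OSS file
# mapped to (project, version). Hypothetical content, not real library data.
KNOWN_FILE = b"/* libfoo 1.2.3 */\nint foo(void) { return 1; }\n"
KNOWN_OSS_HASHES = {
    hashlib.sha256(KNOWN_FILE).hexdigest(): ("libfoo", "1.2.3"),
}

# Pattern detectors for text that survives in source or in compiled binaries.
# The patterns are assumed illustrations of the detector kinds named on the page.
DETECTORS = {
    "copyright": re.compile(r"(?i)copyright\s+(?:\(c\)\s*)?\d{4}|\(c\)\s*\d{4}"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "string": re.compile(r"(?i)\btaken from\b"),
}

def scan_file(name, data):
    """Hash-match the whole file, then run each detector line by line."""
    digest = hashlib.sha256(data).hexdigest()
    result = {"file": name, "exact_match": KNOWN_OSS_HASHES.get(digest), "hits": []}
    # Binaries are decoded leniently so readable strings are still detected.
    text = data.decode("utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in DETECTORS.items():
            for m in rx.finditer(line):
                result["hits"].append((kind, lineno, m.group(0)))
    return result

def highlight(data, hits):
    """Mark every detected span with >>...<< so a reviewer can spot it quickly."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    # Longest matches first so a short match never splits a longer one.
    for _kind, lineno, match in sorted(hits, key=lambda h: len(h[2]), reverse=True):
        lines[lineno - 1] = lines[lineno - 1].replace(match, f">>{match}<<", 1)
    return "\n".join(lines)

# Constructed sample of a file that copied code from a third party.
SAMPLE = b"""// Copyright (c) 2009 Example Author <dev@example.org>
// taken from https://example.org/project/util.c
int util(void) { return 0; }
"""

if __name__ == "__main__":
    for fname, blob in (("foo.c", KNOWN_FILE), ("util.c", SAMPLE)):
        r = scan_file(fname, blob)
        print(fname, "exact match:", r["exact_match"])
        print(highlight(blob, r["hits"]))
```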

Java Namespace

Specialized features make analysis of Java code efficient and productive. Clicking on the namespace tab makes the file tree display compiled namespaces, which helps find license issues within JARs by making the origin of JAR files easier to see. After analysis, results are published for review, and a variety of reports are available.


Monitor Vulnerability Status

Continuous updates on new Open Source vulnerabilities enable rapid response to reported security issues in the components you use.

A Growing Concern

Vulnerabilities in Open Source projects have recently received much more visibility. The Heartbleed and ShellShock vulnerabilities reported in 2014 caused many organizations to re-examine their policy for use of Open Source. Palamida has included vulnerability reporting in its products since 2009 based on continuous monitoring of the National Vulnerability Database.

Vulnerabilities are reported at the version level and are reported for any component in use regardless of its origin (repository) or language.

Palamida includes a dedicated user role for security. This user, the security analyst, has visibility of new security issues upon login, email notifications, and the ability to approve use of Open Source components after review of security status.

Comprehensive Info, Timely Notification

Vulnerability information is visible throughout the product, including during review of scan results, during component search, as part of request to use, and in multiple reports.

Palamida also tracks projects throughout their lifecycle. For shipping or deployed projects whose scan and analysis work is complete, it sends vulnerability alerts by email whenever new vulnerabilities are reported for the Open Source components in use.


Contact Us to Schedule A Demo

Let us put our years of experience to work for you. Our sales and support team has worked with companies from start-ups to some of the world’s largest firms and has a broad portfolio of best practices. Please contact us to start the discussion.
