Sonatype Advanced Legal Pack Debuts

May 5, 2021

Sonatype unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times.

Today, most teams rely on extremely time-consuming, manual processes to collect, compile, and review all of the necessary legal data to both comply with open source license obligations and generate accurate attribution reports. Given that each manual review of a component and its corresponding license can take up to 1 - 2 hours and a typical application contains 100 components, legal and compliance teams are spending hundreds of hours completing compliance reviews for just one application.

“Building and protecting software isn’t done in a vacuum by just development and security teams. Using open source software can very quickly become a legal and compliance risk for enterprises if proper procedures aren’t in place,” said Brian Fox, Sonatype CTO. “But the manual review process isn’t scalable. Automation in development has been around for years, but the industry hasn’t provided other stakeholders involved in the development process the same courtesy. Today, we’re changing that and making the lives of developers, security, and legal teams exponentially easier.”

Sonatype developed the Advanced Legal Pack to make the entire compliance and legal review process easier and to improve productivity for both developers and legal in a way that is fast, easy, cost-effective, and efficient. Capabilities include:

Legal Compliance Workflow - Using a Software Bill of Materials (SBOM) Sonatype automatically identifies every open source component license used in an application build and provides a dashboard to review the licenses and an actionable workflow to automate the review process and resolve license-related tasks obligations. Users of the [ALP] can save license obligation resolutions (per component, per license) to reuse in the future.

License Obligation Review Tool - The pack includes an extensive database of open source license obligations across multiple categories, types, and threat groups that is continuously updated by Sonatype. This database of more than 1650 open source licenses has been annotated to highlight each obligation contained within the license text allowing legal and compliance users and fast way to read through obligations and easily look up licenses, view annotated license texts, and export lists.

Extended Legal Data - Our machine learning algorithm and natural language processing detect legal data and integrate it into our legal compliance workflows. This includes more than just license detections to cover copyright statements, all notice statements, and all license texts found in a component. All legal data collection is automated.
Automated Attribution Reports/Third-Party Notices - The pack automatically collects legal data and generates attribution reports designed to help users that comply with 90+% of open source obligations, which users can save, customize, and edit to fit their needs.

Terms of Use | Copyright © 2002 - 2021 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement