OPEN SOURCE RISK ASSESSMENT
The efficiency of open source without the risk.
Kickdrum Open Source Assessments employ automated and manual inspections to uncover security vulnerabilities and commercially unfriendly license conflicts before they become a problem.
WHAT TO EXPECT
How well do you know your open source code? Kickdrum executes scans and follows a proven playbook for manually inspecting any potential risks, offering verbal readouts and written risk reports that detail any security and license red flags, along with remediation recommendations.
HOW IT WORKS
Whether you’ve got a single product in one organization you’d like evaluated or need multiple products inspected across numerous organizations, Kickdrum can usually get started with secure, read-only access to your source code and a 1-2 hour product and source code orientation. In most cases, full reports and remediation recommendations are delivered within 7-10 business days.
WHAT YOU LEARN
Whether evaluating deal risk or looking for security insights that could impact your business, Kickdrum Open Source Evaluations include verbal readouts and written reports that cover:
License non-compliance
Security vulnerabilities
Remediation recommendations
Detailed scanning tool reports
Inventory exports
Option to investigate open source modifications
Millions of lines of code reviewed
$20B+ total transaction volume
98 NPS
Which Open Source Assessment is Right for You?
Choose from two program options, compared by timing, output, audience, and focus:

One-Time Assessment
Timing: Executed during the time pressure of a transaction
Output: Results clearly assess security and license risk, and provide prescriptive guidance for mitigation
Audience: Reports are purpose-built for investment committees and boards
Focus: Insights focus on current state

Continuous Assurance
Timing: Run regularly or continuously to uncover trends and trajectory
Output: Results clearly identify new risks, missing best practices, and prescriptive guidance for next steps
Audience: Reports are designed for inclusion in Board of Directors presentations
Focus: Insights focus on progress and trajectory towards goals and expectations
Offerings
Each offering is defined by assessment scope, code organization, and timeline:

Small
Assessment scope: A product with code managed through version control and packaging best practices. Single product, unbundled app, or API.
Code organization: 30 or fewer repositories, folders, or projects
Timeline: 7 - 10 business days

Large
Assessment scope: A limited set of products managed with best practices, but increased open source usage and/or lack of package management. Up to 3 products.
Code organization: More than 30 repositories, folders, or projects
Timeline: Up to 10 business days

Custom
Assessment scope: A broad set of products, unusually large codebases, or lack of best practices. These require additional scoping to determine effort and pricing. Several products, or those built within multiple organizations.
Code organization: An exceptional number of repositories, folders, or projects
Timeline: Up to 30 business days