CAST and Software Heritage Partner to Create World’s Largest Provenance Index of Publicly Available and Open Source Code


Software Intelligence lends unprecedented insight into IP license risk.

New York and Paris – Feb. 19, 2019 – CAST, the leader in Software Intelligence, and Software Heritage, the universal archive of source code, today announced a key partnership to create a provenance index of the world’s largest open archive of software source code.

Leveraging a unique indexing technology developed through this partnership, users will be able to efficiently search the Software Heritage platform to identify the original occurrence of any given source file, as well as all its subsequent occurrences. This provides unprecedented insight into the evolution of software development.

When connected to CAST Highlight, this index will provide lightning-fast identification of third-party source code across more than five billion known source code files, enabling better detection of external code, license risks and vulnerabilities.

“The lack of Software Intelligence around open source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” said Vincent Delaroche, Founder and CEO at CAST. “Business leaders should be aware when open source and other external components in code expose their organization to non-compliance, legal action and possible loss of proprietary IP.”

CAST’s partnership with Software Heritage comes on the heels of the company’s 2018 acquisition of Antelink, the Software Composition Analysis (SCA) company, and all its associated patents from the Inria research institute. These patents will be leveraged in the source code provenance index partnership.

Software Heritage is an established non-profit initiative to build the universal archive of software source code. It is sponsored by Microsoft, Intel, Google and GitHub, as well as leading corporations such as Société Générale, academia and the public sector. Already tracking more than 5.6 billion source files from more than 88 million projects, including Debian, GitHub, GitLab, Gitorious, GoogleCode, GNU, the Python Package Index and more, the Software Heritage archive has the unique ability to trace the detailed revision history of all codebase versions it stores.

“Together with Software Heritage, we are creating the most comprehensive and automated solution for managing third-party license and security risk across the global software supply chain,” said Olivier Bonsignour, EVP of CAST R&D. “The resulting Software Intelligence generated from CAST’s unique and patented reverse-engineering technology will deliver real-time visibility into outdated or vulnerable components that need to be addressed as a priority for optimal operations and software security.”

Roberto Di Cosmo, Founder and CEO of Software Heritage, added: “We are thrilled to welcome CAST as a key partner, joining us in an endeavor to collect, structure and preserve the precious knowledge embedded in source code and make it broadly accessible. CAST shares our vision, and together we are building an efficient provenance index on the Software Heritage archive to deliver unprecedented insight into software design and pave the way for better software development.”

About CAST

CAST is the market leader in Software Intelligence, achieving for software what MRI has for medicine: unprecedented visibility. Backed by almost $200 million in R&D, CAST technology drives IT automation at the world’s largest systems integrators and generates insight into complex systems by scanning and understanding software structure, architecture and composition. Customers rely on CAST to make fact-based decisions, see their architectures, detect security threats and ensure the safety and soundness of business applications and software products. Learn more at www.castsoftware.com.

About the Software Heritage Foundation

Software Heritage was launched in 2016 by Inria, the French National Institute for Digital Sciences, with a mission to collect, preserve and make software source code accessible to both current and future generations. Software Heritage has partnered with Unesco and is sponsored by industry leaders, universities, and governmental bodies worldwide who all share the common vision: software source code is an important part of human heritage, and an essential mediator for access to all digital information. By building a universal and sustainable software source code archive, Software Heritage is creating an essential infrastructure for science, industry and society in general. Join the movement at www.softwareheritage.org.

About Inria

Inria, the French Research Institute for Digital Sciences, promotes scientific excellence and technology transfer to maximize its impact. It employs 2,400 people. Its 200 agile project teams, in cooperation with academic partners, involve more than 3,000 scientists in meeting the challenges of computer science and mathematics, often at the interface of other disciplines. Inria works with many companies and has assisted in the creation of over 160 startups. It strives to meet the challenges of the digital transformation of science, society and the economy. Discover more at www.inria.fr.

You can also:
Read the Software Intelligence Pulse: https://www.castsoftware.com/blog
Read the Software Heritage Blog: https://www.softwareheritage.org/blog

Follow CAST on Twitter: http://www.twitter.com/onquality
Follow Software Heritage on Twitter: http://www.twitter.com/swheritage

Contact Positive: Jordan Ratcliffe, jratcliffe@positivemarketing.com, +44 203 637 0640