© Dovetail Research Pty. Ltd.

TermsPrivacy Policy
Help centerLegal and privacy

Open Source

Last updated: 25 July 2023
Read time: 2 min

Like most modern software, we rely on the contributions of the open source community to build Dovetail. We are also supporters of many open source projects that we use, both financially and through code contributions.

We also understand that our software supply chain is integral to protecting customer data and that our customers may want more information about our use of open source software. Below we describe the measures we take to ensure appropriate use of open source software and to reduce the risks it carries.

Approved licenses

We ensure that any open source code we use is licensed under terms that allow it to be used and distributed within our services. These licenses include but are not limited to:

  • MIT
  • Apache 2.0
  • BSD
  • ISC
  • MPL

We do not publicly provide attribution notices for all open source code used unless required by the license. We do not use any open source code licensed under GPL.

Vulnerability management

We use a number of different mechanisms for detecting public vulnerabilities in open source software, depending on the development ecosystem.

For example, for JavaScript we leverage Yarn and GitHub's security alerts program. For Docker containers, we rely on Amazon ECR image scanning and Vanta. Alerts are push-based and are first raised and then triaged based on industry-recognized Common Vulnerability Scoring System (CVSS) scores. In the case of vulnerabilities that require remediation, we create issues in our issue tracker and monitor the SLA on those being resolved.

We have a formalized Vulnerability Management Policy and have more information on our approach to managing vulnerabilities at Infrastructure and Application Security.
