© Dovetail Research Pty. Ltd.


Open Source

Last updated 25 July 2023
Read time 2 min

Like most modern software, we rely on the contributions of the open source community to build Dovetail. We are also supporters of many open source projects that we use, both financially and through code contributions.

We also understand that our software supply chain is integral to protecting customer data and that our customers may want more information about our use of open source software. This article describes the measures we take to ensure appropriate use of open source software and to reduce the risks it carries.

Approved licenses

We ensure that any open source code that we use is licensed under an appropriate license that allows it to be utilized and distributed within our services. These licenses include but are not limited to:

  • MIT

  • Apache 2.0

  • BSD

  • ISC

  • MPL

We do not publicly provide attribution notices for all open source code used unless required by the license. We do use any open source code licensed under GPL.

Vulnerability management

We utilize a number of different mechanisms for detecting public vulnerabilities in open source software based on the development ecosystem.

For example, for JavaScript we leverage Yarn and GitHub's security alerts program. For Docker containers, we rely on Amazon ECR image scanning and Vanta. Alerts are push-based and are first raised and then triaged based on industry-recognized Common Vulnerability Scoring System (CVSS) scores. In the case of vulnerabilities that require remediation, we create issues in our issue tracker and monitor the SLA on those being resolved.

We have a formalized Vulnerability Management Policy and have more information on our approach to managing vulnerabilities at Infrastructure and Application Security.
