image-blog-vcs-how-to-use-open-source-code
September 27, 2019

How to Use Open Source Code in Proprietary Software

Version Control

You’re probably leveraging open source code in some way or another. After all, much of the internet was built on open source technology. This includes the Rocky Linux operating system, the Apache web server application, and even GitHub repository hosting.

But teams aren’t just using open source software. Some teams are even using open source code in proprietary software.

Read along or jump to the section on open source code that interests you the most.

➡️ git tools + the benefits of helix core

Back to top

What Is Open Source Code?

Open source code is source code that is made available for anyone to use — for free. Open source code is typically supported by a community.

But there are some commercial options available for open source code. These include:

  • Dual-licensing (open source and proprietary).
  • Professional services (such as OpenLogic support).
  • Software as a service (selling subscriptions).
Back to top

Can Open Source Software Be Used For Commercial Purposes?

Open source software can be used for commercial purposes. This means you can use open source software for commercial purposes — but you can't always place restrictions on people who receive software from you. And commercial doesn't mean the same thing as proprietary.

📕 Related Resource: Need Open Source Code Support? Click Here to Find Out More. 

Back to top

Using Open Source Code in Proprietary Software

You can use open source code in proprietary software. But you should be aware of what open source licensing applies. For instance, some licenses allow you to sell your software. But your code must be open sourced under the same license.

In fact, many development teams use open source projects as building blocks for proprietary software. In fact, a 2018 report found that 96% of applications have open source components. And the average percentage of codebases that are open source in applications grew from 36% in 2017 to 57% in 2018.

The CTO's Guide to Locking Down Git

Git lacks security, which invites bad behavior. Unless you do something about it. In the CTO's guide to locking down git, CTOs share tips for locking down Git for good.

✨ Lock Down Git ✨

If you’re considering leveraging open source code, you should carefully consider the pros and cons.

Pros

There are some significant pros to using open source code in proprietary software development.

The biggest pro by far is to speed up development while adding little to no cost.

For example, you need a source code editor inside your own project. You could build a basic one yourself. Or you could use one of the best editors available today — the Microsoft Visual Studio Code open source project. It’s supported by hundreds of contributors. Using it would make your own project that much better.

There are other pros, too. If you leverage open source code as the building blocks for your project, it enables innovation for your developers. Instead of reinventing the wheel, they can think outside the box — and focus on the features that will set your product apart from competitors.

A great way to leverage open source code in your project is to use the right version control. Helix Core, for instance, lets you bring open source Git code into your pipeline via Helix4Git.

📘 Related Resource: More on Helix4Git

Cons

There are also some cons to using open source code for commercial projects.

Open source code has strings attached. Most open source software falls into two licensing categories:

  • Permissive (with few terms and conditions).
  • Copyleft (with strict terms and conditions).

Most open source projects fall into the copyleft category, which can be more difficult to navigate. If you don’t follow the licensing terms and conditions, you could be sued.

Is Open Source Software Free From Terms and Conditions?

Open source isn’t entirely free. That is, while it’s free to acquire open source, it’s not free to maintain and manage it. Your team will have to do that. They usually come with an attached license that requires users to adhere to certain terms and conditions.

There are other risks, too — including quality, security, and maintainability. Open source might not be held to the same standards that your development team is held to. It is largely reliable, because there are more eyes on it. But this transparency means that the bad guys can look at the code, too — and find vulnerabilities.

Back to top

How to Use Open Source Software Wisely

Open source software is everywhere. And using open source repositories could help you accelerate development and reduce costs.

But how do you do it without risking the drawbacks?

It’s definitely possible. If you follow the right steps…

1. Find a Sound Project

Open source projects are not created equally. Some projects will be more reliable than others. And there are tons of options to consider for every type of open source component. For instance, GitHub alone has over 100 million repositories created by 31 million contributors.

As you evaluate potential code to leverage, ask the following questions:

  • Who created it?
  • Is it actively developed?
  • Is it maintained?
  • How often has it been downloaded?

Popularity indicates quality — and applicability of open source. If a project is popular (and has many contributors), it will likely have what you need for your own project.

Some projects are universal. Big name companies (Facebook, Google, Microsoft, Netflix) all have created popular open source projects. These become so popular that developers almost forget where they started.

2. Check the License Before You Use It

There are different types of licenses for open source projects. After you select a project, be sure to read the fine print. That way, you’ll know what exactly you’re signing up for — and avoid any potential violations/lawsuits.

3. Vet Security — Beyond the Community

Before you use open source components in your proprietary software, you need to know it won’t cause security risks. Selecting with an open source project with an active support community helps. That community can alert you to any security issues.

But the best way is to do security checks up front. Using a static analyzer can be useful here to identify potential errors (such as buffer overflow) that lead to security risks.

It’s also important to ensure security as you bring the code into the build. For example, if you use Jenkins, you can mirror or populate open source Git code into Helix4Git. That allows you to control the code more closely. Then you can execute security tests at appropriate stages of the pipeline.

4. Stay on Top of Updates

Any time the open source components you’re using get updated, you’ll need to ensure they still work properly with proprietary components. Staying on top of updates is key to avoiding issues.

Managing the code in a tool like Helix4Git gives you more control over when and how you adopt it into your product.

Back to top

The Best Way to Incorporate Open Source Code

It’s important to use open source code & software wisely. It can give you many advantages as you develop your product. It can also introduce some risks. The steps we’ve outlined above are solid starting points for leveraging open source wisely.

But the best way to incorporate open source into your product is to use the right tools.

Using Helix4Git (with Helix Core) makes it easy to bring open source Git code into your build safely. You can pull together code from multiple sources — GitLab, GitHub, Bitbucket, Helix Core, etc. — into a single workspace. And you can even have your digital assets and binary files in that workspace.

As a result, you’ll get a single source of truth in Helix Core — and you’ll be able to pull in open source Git code.

Contact us to learn more about bringing open source Git code into your build pipeline. 

CONTACT US

 

Related Content:

Back to top