Open Source

Like most modern software, we rely on the contributions of the open source community to build Dovetail. We are also supporters of many open source projects that we use, both financially and through code contributions.

We also understand that our software supply chain is integral to protecting customer data and that our customers may want more information about our use of open source software. This page describes the measures we take to ensure appropriate use of open source software and to reduce its risks.

Approved licenses

We ensure that any open source code we use is licensed under an appropriate license that allows it to be utilized and distributed within our services. These licenses include but are not limited to:

  • MIT

  • Apache 2.0

  • BSD

  • ISC

  • MPL

We do not publicly provide attribution notices for all open source code used unless required by the license. We do not use any open source code licensed under GPL.

Vulnerability management

We utilize a number of different mechanisms for detecting public vulnerabilities in open source software based on the development ecosystem.

For example, for JavaScript we leverage Yarn and GitHub's security alerts program. For Docker containers, we rely on Amazon ECR image scanning and Vanta. Alerts are push-based and are first raised and then triaged based on industry-recognized Common Vulnerability Scoring System (CVSS) scores. In the case of vulnerabilities that require remediation, we create issues in our issue tracker and monitor the SLA on those being resolved.

We have a formalized Vulnerability Management Policy and have more information on our approach to managing vulnerabilities at Vulnerability management.

Authors

Bradley Ayers

Co-founder / CTO

Article info

Last updated 17 August 2021