Ask HN: How dangerous is source code access?
8 points
by fredrikfornwall
2250 days ago
For a small startup whose product requires source code access (think static analysis as a CI service), how dangerous is it having access to the (non-open) source code of commercial customers? How do we protect ourselves from the risk of an "IP troll" trying to earn money by claiming that we have used their source code, looking for similarities between their code and ours if it comes to a court? We are planning to have a free tier where anyone can sign up, and without any protective measure it seems that we are opening up ourselves to risk. At the same time I realise that the situation of having source code access is common (GitHub, GitLab, Travis, Netlify, ...) - how do the big players protect against the same risk, besides having a formidable legal department?
|
Though, I have used a third party tool like this in the past where it did the static analysis locally. Is it out of the question you could do this? Could provide a Jenkins plugin or self-hosted option.