Modernizing Open Source Management with Continuous Compliance

Featuring: Patrick Lonergan (Associate General Counsel, Intellectual Property)

Zendesk customer service and engagement products are powerful and flexible, and they scale to meet the needs of any business. Zendesk serves businesses across hundreds of industries, and the company is always working to create new and better solutions for its customers.

Zendesk needed to respond to an intensifying problem: legacy open source management tools and processes that were unable to keep pace as a growing number of development teams increased the use of open source software components. Looking to modernize, Zendesk turned to FOSSA for its open source compliance needs by embedding continuous compliance into the development process itself, streamlining workflows for its legal and engineering teams alike.

The Challenge

With more than 1,000 repos, multiple CI/CD pipelines, and multiple tools and DevOps workflows executing numerous concurrent builds per day, Zendesk needed an open source management solution that could grow with the needs of the business without overtaxing the legal and engineering teams. The legacy solution in place was built for a time when software development consisted of periodic releases and limited open source usage. As a result, their legacy system produced a massive result set with too many false positives that required significant engineering and legal time to review.

“With our legacy solutions, every scan spit out so many results it was impossible for a small team to review, understand what issues were relevant, and take action. FOSSA provides the exact information I need so I can address any issues quickly and easily.”

The Solution

Zendesk needed a comprehensive, real-time approach to open source license compliance. Designed specifically to integrate into the modern CI/CD pipeline and provide insight into license issues and remediation guidance throughout the SDLC, FOSSA was the exact solution Zendesk needed for its continuous compliance requirements.

FOSSA utilizes code dependency scanning across both repositories in GitHub and build servers to catalog all open source components and associated licenses before deployment, shifting left and automating compliance workflows.

In an environment where slowing down wasn’t an option, FOSSA delivered a working process within days and covered every part of development without getting in the way.

“FOSSA enabled new, collaborative workflows across our engineering and legal teams that weren’t possible with our legacy tools and processes.”

The Results

FOSSA’s on-demand database and issue management capabilities enable Zendesk’s engineering and legal teams to seamlessly collaborate throughout the software development lifecycle to maintain open source license compliance. According to Patrick Lonergan, Associate General Counsel - Intellectual Property, “With FOSSA, I use 99% less of my engineering team’s time and only require their support on issues that matter.”

FOSSA enabled unparalleled efficiency in two ways. First, FOSSA directly integrates with the existing CI/CD tools relied on by Zendesk’s engineering team. Second, FOSSA's UI provides purpose-built interactive workflows and audit-grade reports for the legal team. Together, these provide improved developer efficiency while allowing a small legal team to support hundreds of developers across thousands of projects.