Ask HN: How dangerous is source code access?

8 pointsfredrikfornwall6y ago1 comments

For a small startup whose product requires source code access (think static analysis as a CI service), how dangerous is it having access to the (non-open) source code of commercial customers?

How do we protect ourselves from the risk of a "IP troll" trying to earn money by claiming that we have used their source code, looking for similarities between their code and ours if it comes to a court?

We are planning to have a free tier where anyone can sign up, and without any protective measure it seems that we are opening up ourselves to risk.

At the same time I realise that the situation of having source code access is common (GitHub, GitLab, Travis, Netlify, ...) - how do the big players protect against the same risk, besides having a formidable legal department?

1 comments

1 comments · 1 top-level

yellow_lead6y ago

It sounds like you could benefit from a lawyer, some well written terms of use, etc.

Though, I have used a third party tool like this in the past where it did the static analysis locally. Is it out of the question you could do this? Could provide a Jenkins plugin or self-hosted option.

j / k navigate · click thread line to collapse