Maintain an inventory of components
The most important open-source management practice that organizations should have is an inventory of which open-source components are used, and where, Mackey said. That's particularly important because of the way many organizations obtain their open-source components, Korren said.

"Very few organizations use open source directly from GitHub. A lot of them are getting a copy of the project and putting it into an internal code repository." (Tsvi Korren)
Teams need to go into their internal code repositories and understand whether something was written from scratch or their developers incorporated an open-source project, Korren added.
Mackey advised that when taking inventory, teams should reach beyond open-source software.