Case Study: UROS achieves real-time visibility and automated license and dependency detection with Black Duck

Exposing licensing and dependency conflicts in real time

UROS, a Finnish IoT company chosen by the government of India for the National Jal Jeevan Mission, set out to simplify and automate its DevOps-driven SDLC but ran into limited visibility around open source dependencies and licensing obligations. Its existing GitHub and custom scanners couldn’t scale or reveal hidden licensing conflicts and transitive dependencies, creating a barrier to faster, secure development.

UROS implemented Synopsys Black Duck, a software composition analysis tool that tracks declared and transitive dependencies, surfaces license issues, and integrates with build tools to deliver real-time, automated scan results. The deployment quickly uncovered implicit dependencies and licensing concerns, enabled ongoing automated security checks in the pipeline, and materially improved UROS’s security posture and operational scalability.

UROS

Jari Korkiakoski

Chief Architect