How do we protect ourselves from the risk of an "IP troll" trying to earn money by claiming that we have used their source code, looking for similarities between their code and ours if it comes to a court?
We are planning to have a free tier where anyone can sign up, and without any protective measure it seems that we are opening up ourselves to risk.
At the same time I realise that the situation of having source code access is common (GitHub, GitLab, Travis, Netlify, ...) - how do the big players protect against the same risk, besides having a formidable legal department?
Though, I have used a third-party tool like this in the past where it did the static analysis locally. Is it out of the question you could do this? Could provide a Jenkins plugin or self-hosted option.