The article analyzes the existing approaches to evaluating and accounting for the software composition analysis, including open source projects. The analysis of existing frameworks for evaluating software development processes is carried out, including from the point of view of information security. Considered typical risks of using open source components with open licenses. The possibility of evaluating development processes to identify threats to information security in open source projects was noted, as well as the need to automate such a process in order to ensure the efficiency of dependency management in projects using open components as dependencies