Open Source Attribution
Last updated: May 2026
Koh Cyber is built on and benefits from open source software and freely available threat intelligence data. This page lists the third-party components incorporated into our product, the applicable licenses, and the authors we owe attribution to.
We are grateful to the open source community and the security researchers whose work makes email security more accessible for everyone.
1. Third-Party Data
The following third-party data products are incorporated into our threat detection pipeline. These are processed in-memory at scan time and, where stored, only as derived signals (e.g., a country code).
| Component | License | Provider | Use |
|---|---|---|---|
| GeoLite2-Country | Creative Commons Attribution-ShareAlike 4.0 | MaxMind, Inc. | Sender IP geolocation for threat context signals. This product includes GeoLite2 Data created by MaxMind, available from https://www.maxmind.com. |
Required attribution: “This product includes GeoLite2 Data created by MaxMind, available from https://www.maxmind.com.”
2. Open Source Software
The following open source libraries power our backend services, API, and scanning pipeline.
| Library | License | Author | Purpose |
|---|---|---|---|
| FastAPI | MIT | Sebastián Ramírez | API service framework |
| Uvicorn | BSD 3-Clause | Encode OSS Ltd. | ASGI web server |
| SQLAlchemy | MIT | Mike Bayer / SQLAlchemy Authors | Database ORM |
| Alembic | MIT | Mike Bayer / SQLAlchemy Authors | Database schema migrations |
| Pydantic | MIT | Samuel Colvin et al. | Data validation and settings |
| BeautifulSoup4 | MIT | Leonard Richardson | HTML parsing for URL extraction |
| httpx | BSD 3-Clause | Encode OSS Ltd. | HTTP client |
| aiohttp | Apache 2.0 | aiohttp contributors | Async HTTP client |
| dnspython | ISC | Bob Halley et al. | DNS lookups for domain analysis |
| psycopg2 | LGPL v3 | Daniele Varrazzo et al. | PostgreSQL database adapter |
| python-jose | MIT | Michael Davis | JSON Web Token handling |
| SlowAPI | MIT | Laurent Savaete | API rate limiting |
| Google Cloud Python SDK | Apache 2.0 | Google LLC | Cloud infrastructure, Gmail API integration |
| Stripe Python | MIT | Stripe, Inc. | Payment processing |
| SendGrid Python | MIT | Twilio Inc. | Transactional email notifications |
3. Planned Integrations
The following components are part of our near-term roadmap. Attribution will be confirmed active when each integration ships.
| Library | License | Author | Planned Purpose |
|---|---|---|---|
| Strelka | Apache 2.0 | Target Corporation; Sublime Security fork | Attachment file analysis microservice (YARA, macro extraction, PDF analysis) |
| python-oletools | BSD 2-Clause | Philippe Lagadec | Microsoft Office OLE/VBA macro analysis |
| YARA / yara-python | BSD 3-Clause | VirusTotal / Google LLC | Pattern matching rules for malware detection in attachments |
| lark | MIT | Erez Sh. | Parser library for MQL-compatible rule engine |
4. Detection Research and Content
The following open source threat intelligence repositories inform our built-in detection rule library and threat signal lists.
| Repository | License | Author | Use |
|---|---|---|---|
| sublime-security/sublime-rules | MIT | Sublime Security, Inc. and community contributors | Detection rule patterns used as reference for Koh’s built-in rule library |
| sublime-security/static-files | Unspecified (public) | Sublime Security, Inc. | Threat intelligence lists: free email providers, suspicious TLDs, URL shorteners, free file/subdomain hosts, and subject keyword patterns |
5. Questions
If you have questions about our use of open source software or would like a copy of any applicable license text, please contact us at legal@kohcyber.com.