Hi Hans-Georg,
Glad Totara is still the software of choice. For specific responses, especially around contractual clauses, it will be best to discuss these with your Totara Partner.
To cover them in general terms:
First, regarding the Cisco Umbrella: given the complexity and differences across software, it is relatively common for security products to present false positives. However, if there are alerts that are troubling your team, these can be raised with your partner, who can then open a helpdesk ticket with us to investigate, if necessary.
Second, regarding third-party code: we do include third-party libraries. These are chosen carefully and we only include libraries with permissive licenses that are compatible with our own. We track which libraries are included, along with their licenses. As site administrator, if you visit the URL ‘/admin/thirdpartylibs.php’, you’ll see this list. You may like to discuss this with your partner also. If they provide plugins or customisations, you’d need to confirm their policy on this matter as they may not appear on that list.
Kind regards,
Brendan Cox