nexB offers comprehensive software provenance analysis services for companies who want help determining what is in their software or in software provided by their suppliers.

We help companies actively identify and manage open source and third-party software. We help them:

  • Establish policies, processes, and tools for managing open source software components and their licenses,
  • Identify software component provenance (license and origin) with open source scanning services,
  • Manage software components with a complete software "bill of materials" including open source, third-party and original code,
  • Facilitate reuse of software components inside a company and across the software supply chain.

The primary benefit of our service is that it is performed by software provenance experts, so our reports are concise and focused on real issues, with actionable recommendations to remediate the issues identified in an audit.

We offer software provenance analysis services (code scanning/code auditing) for Product Release and for Acquisition Due Diligence. We have deep knowledge of software IP analysis across languages and environments, including embedded systems. We have performed more than 350 audits to date.

nexB's DejaCode (™) enables your organization to actively discover, manage, and monitor the open source and third-party software components you use in software products. With DejaCode you can define efficient governance for evaluating and approving the use of open source components, implement effective policies to mitigate potential risk from open source licenses, and automate compliance with open source license obligations.

AboutCode (™) is a simple open source project from nexB. The idea is to keep software provenance data close to the code. It provides a simple way to document the provenance (origin and license) and other important or interesting information about open source and third-party software components that you use in your project.

TraceCode (™) helps companies automate the analysis of a build using dynamic tracing. This tool helps them determine accurately what is deployed in their product and what is not.