Many organizations do not know what other software is really in their software!

Most modern software products and systems contain more than 50% open source and third-party software components. If you do not know what is in your software, we offer a range of software audit analysis services, from a comprehensive full-service approach for an acquisition due diligence project to an audit of an existing Software BOM produced by your engineering team or a supplier.

With the full-service approach, we perform the software audit analysis with minimal impact on the product team and provide you with a concise report detailing any issues, practical remediation actions for those issues, and a complete Software BOM (and/or Inventory) for the product. With the audit approach, we evaluate the completeness and accuracy of the component information in an existing Software BOM for a product, and we analyze selected parts of the product codebase to verify that the overall Software BOM (or Inventory) is complete and accurate.

Expert Technical Review

Our Open Source Software Audit Analysis methodology includes the type of software scanning performed by most companies in our industry, but it also includes an expert review of the results. All software scanning tools produce large amounts of provenance data (package origin, version and license detections), and most of it is not definitive without research and review by software audit experts.

Concise Report

Our Reports are concise - focused on tangible issues and actionable recommendations to remediate those issues. Our Report package also includes a complete Software BOM for each product analyzed. We can also load your Software BOM(s) into DejaCode at no additional cost.

Deployed Code Analysis

Our Software Audit Analysis covers Deployed code (as distributed to a customer) in addition to Development-side code. This is important in order to understand open source license obligations and the potential impact of any issues related to use of Copyleft-licensed components. We have developed a set of tools for this analysis that are tailored for the languages and build system of the product to be analyzed.
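The two checks described above, verifying an existing Software BOM against what is actually in the codebase and then determining which Copyleft-licensed components reach a Deployed product, can be illustrated with a small script. The following is an added example written for this page; it is not nexB's tooling, and the declared BOM, the scan results, the deployment map and the list of copyleft license identifiers are all constructed sample data chosen to exercise each kind of finding.

```python
"""Minimal Software BOM audit (added example, not nexB's own tooling).

Compares a declared Software BOM against components observed by scanning the
Development codebase, then reports which Copyleft-licensed components end up in
each Deployed product. All inputs below are constructed sample data.
"""

# Assumed set of SPDX identifiers treated as copyleft for this example.
COPYLEFT_LICENSES = {
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "AGPL-3.0-only", "AGPL-3.0-or-later", "LGPL-2.1-only", "LGPL-3.0-only",
}

# Constructed: the Software BOM the engineering team (or a supplier) handed over.
DECLARED_BOM = [
    {"purl": "pkg:npm/lodash@4.17.21", "license": "MIT"},
    {"purl": "pkg:pypi/requests@2.31.0", "license": "Apache-2.0"},
    {"purl": "pkg:npm/left-pad@1.3.0", "license": "WTFPL"},        # declared, not in the code
    {"purl": "pkg:generic/ffmpeg@4.4", "license": "LGPL-2.1-only"},  # license claim is wrong
]

# Constructed: what a scan of the Development codebase actually found.
SCANNED_COMPONENTS = [
    {"purl": "pkg:npm/lodash@4.17.21", "license": "MIT", "path": "web/node_modules/lodash"},
    {"purl": "pkg:pypi/requests@2.31.0", "license": "Apache-2.0", "path": "tools/venv/requests"},
    {"purl": "pkg:generic/ffmpeg@4.4", "license": "GPL-2.0-or-later", "path": "third_party/ffmpeg"},
    {"purl": "pkg:npm/lodash@3.10.1", "license": "MIT", "path": "legacy/vendor/lodash"},  # undeclared
]

# Constructed: which Development-side paths are shipped in each Deployed product.
DEPLOYED_PRODUCTS = {
    "player-app": ["web/node_modules/lodash", "third_party/ffmpeg"],
    "build-tools": ["tools/venv/requests"],
}


def audit_bom(declared, scanned):
    """Check a declared BOM against scan results.

    Returns three findings: components in the code but missing from the BOM,
    components in the BOM that were not found in the code, and components whose
    declared license disagrees with the detected one.
    """
    declared_by_purl = {c["purl"]: c["license"] for c in declared}
    scanned_by_purl = {c["purl"]: c["license"] for c in scanned}

    undeclared = set(scanned_by_purl) - set(declared_by_purl)
    not_found = set(declared_by_purl) - set(scanned_by_purl)
    license_mismatch = {
        purl: (declared_by_purl[purl], scanned_by_purl[purl])
        for purl in set(declared_by_purl) & set(scanned_by_purl)
        if declared_by_purl[purl] != scanned_by_purl[purl]
    }
    return {
        "undeclared": undeclared,
        "not_found": not_found,
        "license_mismatch": license_mismatch,
    }


def products_using(scanned, deployed_products):
    """Map each scanned component (by purl) to the Deployed products that ship it.

    A component can appear at several paths; a product "uses" it if any of the
    product's shipped paths matches one of the component's paths.
    """
    paths_by_purl = {}
    for comp in scanned:
        paths_by_purl.setdefault(comp["purl"], set()).add(comp["path"])

    usage = {}
    for product, shipped_paths in deployed_products.items():
        shipped = set(shipped_paths)
        for purl, paths in paths_by_purl.items():
            if paths & shipped:
                usage.setdefault(purl, []).append(product)
    return {purl: sorted(products) for purl, products in usage.items()}


def copyleft_in_deployed(scanned, deployed_products):
    """List (purl, detected license, products) for copyleft components that ship.

    The detected license from the scan is used, not the declared one, because a
    wrong license claim in the BOM is exactly the case an audit must catch.
    """
    usage = products_using(scanned, deployed_products)
    findings = []
    for comp in scanned:
        purl = comp["purl"]
        if comp["license"] in COPYLEFT_LICENSES and purl in usage:
            findings.append((purl, comp["license"], usage[purl]))
    return sorted(findings)


if __name__ == "__main__":
    print(audit_bom(DECLARED_BOM, SCANNED_COMPONENTS))
    print(copyleft_in_deployed(SCANNED_COMPONENTS, DEPLOYED_PRODUCTS))
```

On the sample data this reports one undeclared component (the second, older lodash copy), one declared component that does not exist in the code, and one license mismatch; the mismatch is the interesting one, because the component in question is shipped in a product and the detected license is copyleft, which is what turns a BOM discrepancy into a redistribution obligation.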

Software Compliance Automation

Our services optionally include creation of Attribution Notices using nexB's DejaCode product or our AboutCode open source solution for tracking open source software data inside your codebase and build system.


The deliverables from a Software Audit Project are:

Software BOM

A Software Bill of Materials (BOM) file that provides a complete inventory of all the Open Source code in your Development codebase, with identification of which Deployed products use each Development codebase component.

Software Audit Report

A summary Software Audit Report with concrete remediation actions that the engineering team can use as a checklist to fix any potential issues found during the audit.


Attribution Notices

Optional - Software Attribution Notice(s) to add to your product UI or documentation, as required by most open source licenses.

Redistribution Package

Optional - Assistance in creating a package of source code for redistribution, as required by Copyleft licenses.