nexB provides services for open source and third-party software component management and license compliance. We have unique expertise in complex embedded devices and large server-based or appliance-based software products.

Our Software Provenance Audit includes the type of code source scanning/matching applied by most companies in our space, but it also includes an expert review of the results. An audit is typically a two to four week process that identifies all the open source and other third-party code included in a product.

Concise Analysis review by Open Source experts

The primary benefit of our service is that it is performed by Software Provenance experts; our Reports are therefore concise, focused on real issues, and include actionable recommendations to remediate the issues identified in an audit.

In contrast, a tools-only approach will provide a massive amount of raw data that requires extensive human review, filtering, and processing before it can be transformed into useful information and actions.

Our service is unique because we analyze both Development code and Deployed code (i.e. the product package delivered to a customer, typically in binary format). Analyzing the Deployed code enables us to:

Some of the most common software audit use cases are Acquisition Due Diligence and Product Release.

Acquisition Due Diligence

You want to know the origin and license obligations for a software product that you plan to acquire. This may be:

  • As simple as confirming that the licensing of a third-party or open source software product complies with your organization standards; or
  • As complex as acquiring a whole software company.

Product Release

You want to ensure that your product, whether software or hardware with embedded software, complies with your licensing rules and that it will not create risks for your customers. There is a small but growing trend of customer demand for a certified Bill of Materials (BOM) for software, similar to familiar standards in most manufacturing supply chains.

The deliverables from a Software Provenance Audit project are: