Most modern software products and systems contain more than 50% open source and third-party software components. If you do not know what is in your software, we offer a range of software audit analysis services, from a comprehensive full-service approach for an acquisition due diligence project to an audit of a Software BOM produced by your engineering team or a supplier.
With the full-service approach, we perform the software audit analysis with minimal impact on the product team and provide you with a concise report detailing any issues, practical remediation actions for those issues, and a complete Software BOM (and/or Inventory) for the product. With the audit approach, we evaluate the completeness and accuracy of component information in an existing Software BOM for a product and analyze selected parts of the product codebase to verify the completeness and accuracy of the overall Software BOM (or Inventory).
Our Open Source Software Audit Analysis methodology includes the type of software scanning performed by most companies in our industry, but it also includes an expert review of the results. All software scanning tools produce large amounts of provenance data and most of it will not be definitive without research and review by software audit experts.
Our Reports are concise, focused on tangible issues and actionable recommendations to remediate those issues. Our Report package also includes a complete Software BOM for each product analyzed. We can also load your Software BOM(s) into DejaCode at no additional cost.
Our Software Audit Analysis covers Deployed code (as distributed to a customer) in addition to Development-side code. This is important in order to understand open source license obligations and the potential impact of any issues related to use of Copyleft-licensed components. We have developed a set of tools for this analysis that are tailored for the languages and build system of the product to be analyzed.
Our services optionally include creation of Attribution Notices using nexB's DejaCode product or our AboutCode open source solution for tracking open source software data inside your codebase and build system.
A Software Inventory of the open source and third-party code in your Development Codebase and a Software BOM of the open source and third-party packages that you distribute or deploy for each of your products.
A comprehensive report to document the audit project and our findings. It includes an actionable list of licensing Issues and corresponding remediation Actions that you can use as a due diligence checklist. The report also includes actionable recommendations from the audit beyond the Issues.