Most modern software products and systems contain more than 50% open source and third-party software components. If you do not know what is in your software, we offer a range of software audit analysis services, from a comprehensive full-service approach for an acquisition due diligence project to an audit of an existing Software BOM from your engineering team or a supplier.
With the full-service approach, we perform the software audit analysis with minimal impact on the product team and provide you with a concise report detailing any issues, practical remediation actions for those issues, and a complete Software BOM (and/or Inventory) for the product. With the audit approach, we evaluate the completeness and accuracy of component information in an existing Software BOM for a product and analyze selected parts of the product codebase to verify the completeness and accuracy of the overall Software BOM (or Inventory).
Our Open Source Software Audit Analysis methodology includes the type of software scanning performed by most companies in our industry, but it also includes an expert review of the results. All software scanning tools produce large amounts of provenance data, and most of it is not definitive without research and review by software audit experts.
Our Reports are concise - focused on tangible issues and actionable recommendations to remediate those issues. Our Report package also includes a complete Software BOM for each product analyzed. We can also load your Software BOM(s) into DejaCode at no additional cost.
Our Software Audit Analysis covers Deployed code (as distributed to a customer) as well as Development-side code. The distinction matters because open source license obligations, and in particular the obligations that come with Copyleft-licensed components, generally attach to the code you actually distribute, so a component used only at build time and a component shipped inside the product carry different risk. We have developed a set of tools for this analysis that are tailored to the languages and build system of the product to be analyzed.
Our services optionally include creation of Attribution Notices using nexB's DejaCode product or our AboutCode open source solution for tracking open source software data inside your codebase and build system.
A Software Bill of Materials (BOM) file that provides a complete inventory of all the Open Source code in your Development codebase, with identification of which Deployed products use each Development codebase component.
A summary Software Audit Report with concrete remediation actions that the engineering team can use as a checklist to fix any potential issues found during the audit.