nexB Icon
Sign in to DejaCode
SCA Services

We can help you find and fix any compliance problems, quickly.

nexB offers comprehensive Software Composition Analysis (SCA) services, ranging from a full-service approach for acquisition or investment due diligence to a product-baseline software audit for evaluating a Software Bill of Materials (SBOM) from your engineering team or a supplier.

With over twelve years of experience providing SCA services to organizations of all sizes, the nexB team has analyzed hundreds of products and millions of lines of code.

SCA Services

Software Composition Analysis is more than just "code-scanning" or "software audits".

Modern software products and systems typically contain more than 80% open source and third-party components. Organizations need to know the origin and licensing of any software they use.

SCA provides an accurate and current analysis of all the components in your software with the key objectives are to:

✔ Determine the specific origin and license for each software component in a product using trusted disclosures, automated scanning tools and human expertise to interpret the scanning results and resolve ambiguous scanning clues.

✔ Create a Software Inventory with the origin and license for all software components in a Development codebase (repositories).

✔ Create a Software Bill of Materials (SBOM) identifying the subset of development codebase components used in each product release.

✔ Identify issues related to software license compliance and propose remediation options for these issues.

✔ Create key license compliance artifacts, such as Attribution Notices for open source components.

Actionable remediations and complete SBOMs.

✔ Concise reports detailing any detected issues, with practical remediations for each.

✔ Practical remediations for any detected issues.

✔ Complete SBOM and inventories for each product.

✔ Minimal impact of product and software engineering teams.

nexB offers different levels of SCA services based on your needs and requirements.

Our full-service SCA approach includes expert analysts performing all the scanning and analysis tasks, and delivering the completed Software Inventory and SBOM files, along with a comprehensive report of Issues and Recommended Actions. This applies for due diligence when you plan to acquire or invest in a company, or when you need a baseline audit of your own software products.

Our software audit is a true “audit” of your SCA data for a product or set of products. We check your existing Software Composition data for completeness and accuracy, compared to our extensive component and package reference data.

Open source tools for open source SCA.

For our SCA Services projects, nexB uses our own open source SCA tools, including the industry-leading code scanner ScanCode and other AboutCode tools.

Organizations interested in implementing these tools and processes into their own software development processes can benefit from our assistance. We can provide support for setting up the scanning and analysis processes, along with on-demand assistance to investigate complex SCA issues.

Understand what software your products use.

Request a Product-Baseline Software Audit

nexB offers Product-Baseline Software Audits to identify license obligations and potential licensing risks for open source and other third-party software components in your software.

Already have an OSS compliance program? nexB can evaluate the completeness and accuracy of component information in an existing Software Bill of Materials (SBOM) and analyze the codebase to verify the SBOM’s completeness and accuracy.

With either approach, nexB provides actionable remediations and delivers the SBOM for each product, not just the development inventory.

Request a Product-Baseline Software Audit

Acquiring or investing? Uncover the software licensing risks.

Request a Due Diligence Audit

Most sellers do not have current and accurate data about the open source code in their products, but they will not want to show you their source code either.

nexB is a trusted third-party who can quickly analyze products of any size and technology to support your acquisition or investment due diligence process, while minimizing the impact on both the buyer and seller. We provide a comprehensive and actionable report of software IP issues supported by a detailed software inventory at the component and file level, and can tailor the depth of analysis to fit your concerns and schedule.

nexB has completed more than 500 Due Diligence Audits with 100% customer satisfaction from both buyers and sellers.

Request a Due Diligence Audit

To understand what's in their software, companies of all sizes use nexB.

Thank you for the expert guidance nexB provided to us. It made the whole evaluation process much smoother and it was exactly what we needed. We would definitely recommend nexB as an independent third-party for open-source software M&A due diligence.
Steve AbrahamHead of Corporate Development and Strategy at Box
Steve Abraham
Working with nexB since 2008, they are our primary service provider for our product release audits. They have helped us improve our process thanks to their product, DejaCode. I would strongly recommend nexB and DejaCode for every software professional in charge of licensing compliance.
Diana AndersonSr. Director, Software Compliance at ARRIS, CommScope
Diana Anderson
We were all very impressed at the quality and depth of your experience and technology, responsiveness to our concerns, ability to work through problems, and work product.
Cyrus WadiaAssociate General Counsel, Strategic IP at Pivotal
Cyrus Wadia
Thanks and this was our pleasure to work with you and your team, really professional and impressive analysis.
Richard GrondinSenior Director Data Security Group at Informatica
Richard Grondin
I will most definitely be remembering nexB, as I was very impressed by your scan, and how smooth the process was.
Bert HubertCTO and Founder at Fox-IT
Bert Hubert
Previous
Next
Thank you for the expert guidance nexB provided to us. It made the whole evaluation process much smoother and it was exactly what we needed. We would definitely recommend nexB as an independent third-party for open-source software M&A due diligence.
Steve AbrahamHead of Corporate Development and Strategy at Box
Steve Abraham
Working with nexB since 2008, they are our primary service provider for our product release audits. They have helped us improve our process thanks to their product, DejaCode. I would strongly recommend nexB and DejaCode for every software professional in charge of licensing compliance.
Diana AndersonSr. Director, Software Compliance at ARRIS
Diana Anderson
We were all very impressed at the quality and depth of your experience and technology, responsiveness to our concerns, ability to work through problems, and work product.
Cyrus WadiaAssociate General Counsel, Strategic IP at Pivotal
Cyrus Wadia
Thanks and this was our pleasure to work with you and your team, really professional and impressive analysis.
Richard GrondinSenior Director Data Security Group at Informatica
Richard Grondin
I will most definitely be remembering nexB, as I was very impressed by your scan, and how smooth the process was.
Bert HubertCTO and Founder at Fox-IT
Bert Hubert
Previous
Next

Ensuring software license compliance can be difficult.

We can help.

Start scanning your code with ScanCode
Automate FOSS compliance with DejaCode
Contact us for help with any questions