Our Audit Services

FOSSID’s audit services provide you with accurate and timely open source analysis with the highest confidentiality. Our team of experts performs trustworthy audits thanks to years of experience as well as our range of tools for open source scanning based on the most extensive open source knowledge base on the market.

Blind Audit

Due to security concerns surrounding M&A transactions, we have designed and implemented the ability to perform audits and generate reports without looking at the target source code, thanks to our zero false-positives technology.

DIY Audit

Do It Yourself Audit is an unprecedented approach to open source auditing that provides you with scan results from FOSSID’s knowledge base as well as time-limited access to FOSSID Cloud tools so that you can audit your own software.

Blind Audit – Step By Step

DIY Audit – Step By Step

What Is The Result Of An Audit?

The output of an audit service includes a range of comprehensive reports. If you are conducting a Blind Audit, these reports will be provided to you by your appointed FOSSID project leader. If you are conducting a DIY Audit, you will be able to generate them yourself from FOSSID’s Web Application:

Open Source Inventory or Bill of Materials (BoM)

This report contains a list of all detected third-party open source components, files and even copy-pasted code snippets. The interactive capabilities of this report make it easier to inspect and review all findings from the audit, as well as to filter information and create resulting lists of action points.

Security Vulnerabilities Report (CPE-CVE)

This report includes a list of all detected security vulnerabilities and exposures (CVEs) in the audited open source software and the corresponding Common Platform Enumerations (CPEs) according to the National Vulnerability Database (NVD) and other sources.
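As an added illustration of how a CPE-CVE report is derived (example code written for this page, not FOSSID's own tooling), the following correlates an inventory of components identified by CPE 2.3 names against NVD-style vulnerability records, each carrying cpe23 "criteria" strings and optional version bounds. The vendor, product, version and record ids are constructed placeholders, and version comparison is simplified to dotted numeric versions.

```python
# Added example, not FOSSID's code: NVD-style CPE-to-CVE correlation over a BoM.

def parse_cpe23(cpe):
    """Return (part, vendor, product, version) from a CPE 2.3 formatted name."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 name: " + cpe)
    return tuple(parts[2:6])

def version_key(version):  # dotted numeric version -> comparable tuple (simplified)
    return tuple(int(x) for x in version.split("."))

def cpe_match(component, match):
    """True if the component CPE satisfies one NVD-style cpeMatch entry."""
    part, vendor, product, version = parse_cpe23(component)
    c_part, c_vendor, c_product, c_version = parse_cpe23(match["criteria"])
    if (part, vendor, product) != (c_part, c_vendor, c_product):
        return False
    if c_version != "*":            # criteria names an exact version
        return c_version == version
    v = version_key(version)        # wildcard version: apply the range bounds
    ok = v >= version_key(match.get("versionStartIncluding", "0"))
    if "versionEndIncluding" in match:
        ok = ok and v <= version_key(match["versionEndIncluding"])
    if "versionEndExcluding" in match:
        ok = ok and v < version_key(match["versionEndExcluding"])
    return ok

def correlate(inventory, feed):
    """Map each inventory CPE to the sorted ids of the records it matches."""
    report = {cpe: [] for cpe in inventory}
    for record in feed:
        for cpe in inventory:
            if any(cpe_match(cpe, m) for m in record["cpe_match"]):
                report[cpe].append(record["id"])
    return {cpe: sorted(ids) for cpe, ids in report.items()}

# Constructed inventory and feed; vendors, products and ids are placeholders.
INVENTORY = [
    "cpe:2.3:a:examplevendor:libparse:1.2.3:*:*:*:*:*:*:*",
    "cpe:2.3:a:examplevendor:libparse:2.0.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:othervendor:netlib:0.9.0:*:*:*:*:*:*:*",
]
FEED = [
    {"id": "CVE-PLACEHOLDER-0001", "cpe_match": [{"versionEndExcluding": "1.3.0",
        "criteria": "cpe:2.3:a:examplevendor:libparse:*:*:*:*:*:*:*:*"}]},
    {"id": "CVE-PLACEHOLDER-0002", "cpe_match": [{"versionStartIncluding": "2.0.0",
        "versionEndIncluding": "2.0.5", "criteria": "cpe:2.3:a:examplevendor:libparse:*:*:*:*:*:*:*:*"}]},
    {"id": "CVE-PLACEHOLDER-0003", "cpe_match": [
        {"criteria": "cpe:2.3:a:othervendor:netlib:1.0.0:*:*:*:*:*:*:*"}]},
]
```

Calling `correlate(INVENTORY, FEED)` yields the per-component list that a CPE-CVE report is built from; a component whose version lies outside every record's bounds, such as the netlib entry above, correctly reports no matches.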

Software Package Data Exchange (SPDX)

This report is built according to the Software Package Data Exchange® (SPDX®) specification, which is an industry standard format for communicating the components, licenses and copyrights associated with software packages. The report can be imported into compliance tools such as FOSSID for future due diligence.

Executive Summary

The executive summary is a document produced for business purposes that summarizes outstanding findings and other observations from all the reports in such a way that readers can rapidly become acquainted with the overall open source licensing and security vulnerability status of the audited software.

Do You Have A Project In Mind?