Open Source Audit Finds Commercial Software License That Could Have Derailed M&A Transaction

FossID Auditor Big Save

Successful software composition analysis requires not only great technology but also human expertise. Our team of open source auditors has made many “big saves” for our clients – catching unusual and elusive license compliance and security vulnerability issues that could otherwise have caused major problems. Here’s one such FossID Auditor Big Save.


A leading cloud platform company, known for its advanced industry-specific project management focus, aimed to acquire a software company that specializes in efficient document management. This new addition would complement and extend the capabilities of the acquirer’s software platform.


Before finalizing the acquisition, the client needed a thorough understanding of any potential legal or security risks associated with integrating this technology into its existing portfolio. The company engaged FossID to conduct an open source risk audit to identify potential legal and security risks that might impede the smooth integration of the target’s technology into its own. The open source risk audit incorporates the use of software composition analysis (SCA) with the human expertise provided by experienced, professional open source auditors.

Of particular concern to the client was the presence of open source software containing copyleft (restrictive) licenses and/or commercial software also carrying restrictive license terms and conditions.


Using FossID Software Composition Analysis (SCA), the FossID audit team not only discovered open source software under copyleft licenses but also found commercial software embedded within the codebase. It became essential for the target company to verify that a valid license agreement for that commercial software was in effect, because using commercially licensed software without an appropriate license could expose the acquiring company to legal liability.

Based on this result, the client realized it needed to understand thoroughly whether the terms and conditions of the commercial software compromised the value of the target company, and what remediation, if any, was required before closing the transaction. Discovering this situation after the fact would have caused considerable delays and expense for the acquiring company, and in some situations there may have been no resolution at all. The transaction did ultimately close, and both parties benefited from addressing the issue before it could cause real damage.

In response, the acquiring company considered conducting a thorough legal and compliance review of the target company. This included verifying active agreements for any software components with commercial licenses. If issues were identified, the teams could negotiate necessary licenses, replace or remove non-compliant software components, and ensure ongoing compliance through regular software audits.

FossID Workbench is our flagship solution that provides a graphical user interface on top of our core components – the FossID CLI (command line interface), License Extractor and Dependency Analysis. Workbench makes it easy for you to manage projects, configure scans, analyze output, administer policies and generate reports.

By proactively addressing legal and compliance concerns in a target company’s source code prior to finalizing an acquisition, the acquiring company was able to:

  • Avoid Potential Legal Exposure: By resolving issues related to the use of commercial licenses without proper agreements.
  • Limit Business Risk: Discovering issues with the target’s code after the transaction’s close could have forced a rework of integration plans, directly affecting future operations.
  • Ensure a Smooth Integration Process: Ensuring legal, security, and compliance obligations had been met enabled the client to execute its strategy without delay or interruption.
  • Enhance Compliance Operations: As a result of this audit the acquiring company implemented an ongoing process with FossID for regular third-party and open source software audits to maintain security and license compliance throughout its portfolio.

This “Big Save” underscores the value of Open Source Software Risk Audits during the M&A technical due diligence process.
