Open Source Blind Audits
Due to security and privacy concerns surrounding M&A transactions, FossID has designed a “Blind Audit” – a unique ability to perform audits and generate reports without the need to access source code.
Let us help you with your Mergers and Acquisitions Transactions!
Targeted for M&A and corporate transactions
Confidential, comprehensive, and precise Free and Open-Source Software (FOSS) audits.
Our team of experts performs trustworthy audits thanks to years of experience using our Software Composition Analysis (SCA) and FOSS scanning tools.
Code confidentiality with Blind Audits
Blind Audits never access or transfer your source code, scanning cryptographic hashes instead.
Industry-leading knowledge base
Audits leverage FossID’s and Snyk’s best-in-class knowledge base for FOSS license compliance and security.
Snippet matching in just 6 lines of code
Audits uncover the smallest traces of Open-Source licenses and vulnerabilities.
Actionable reports for all teams
FossID’s Blind Audits result in a collection of comprehensive reports in industry-standard formats, granting full insight into Open-Source components, files, and snippets along with their corresponding origins and licenses.
Executive Summary
High-level view of the Open-Source licensing and security vulnerability status of the audited software.
SPDX Report
The industry standard for communicating the components, licenses, and copyrights associated with software packages.
Interactive SBOM
A filterable view of all detected 3rd party FOSS components, files, and code snippets used to create follow-up actions.
Vulnerability Report
Comprehensive list of all detected Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs).
Blind Audit – Step by step
Fingerprint Collection
Stand-alone utility is sent to the target company along with execution instructions to collect their software’s digital signatures (fingerprints).
Fingerprint Upload
Target company transfers the fingerprint collection securely to the FossID datacenter.
Audit Execution
Fingerprints are scanned against FossID’s Knowledge Base and the designated team of FOSS experts analyzes the results.
Report Delivery
Once the audit is completed, all reports (executive summary, SPDX, interactive SBOM, and security report) are available for review.
Walk-through session
FossID’s assigned project leader hosts a call and presents the audit results.
Open Source Audits for Maximum Security and Confidentiality
FossID can perform audits and generate reports without looking at the target source code, meeting the highest security and privacy concerns surrounding M&A transactions.
No source code exposure
Ensuring maximum security and confidentiality.
No legal hassle
Clean cut, easy process to get the job done.
No touch
Blind audit, done remotely. No need to bring auditors on site.
