Open Source Blind Audits

Due to security and privacy concerns surrounding M&A transactions, FossID has designed a “Blind Audit” – a unique ability to perform audits and generate reports without the need to access source code.

Let us help you with your Mergers and Acquisitions Transactions!

Targeted for M&A and corporate transactions

Confidential, comprehensive, and precise Free and Open-Source Software (FOSS) audits.
Our team of experts performs trustworthy audits thanks to years of experience using our Software Composition Analysis (SCA) and FOSS scanning tools.

Code confidentiality with Blind Audits

Blind Audits never access or transfer your source code, scanning cryptographic hashes instead.

Industry-leading knowledge base

Audits leverage FossID’s and Snyk’s best-in-class knowledge base for FOSS license compliance and security.

Snippet matching in just 6 lines of code

Audits uncover the smallest traces of Open-Source licenses and vulnerabilities.

Actionable reports for all teams

FossID’s Blind Audits result in a collection of comprehensive reports in industry-standard formats, granting full insight into Open-Source components, files, and snippets along with their corresponding origins and licenses.

Executive Summary

High-level view of the Open-Source licensing and security vulnerability status of the audited software.

SPDX Report

The industry standard for communicating the components, licenses, and copyrights associated with software packages.

Interactive SBOM

A filterable view of all detected 3rd party FOSS components, files, and code snippets used to create follow-up actions.

Vulnerability Report

Comprehensive list of all detected Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs).

Blind Audit – Step by step

1. Fingerprint Collection

A stand-alone utility is sent to the target company, along with execution instructions, to collect their software’s digital signatures (fingerprints).

2. Fingerprint Upload

The target company transfers the fingerprint collection securely to the FossID datacenter.

3. Audit Execution

Fingerprints are scanned against FossID’s Knowledge Base and the designated team of FOSS experts analyzes the results.

4. Report Delivery

Once the audit is completed, all reports (executive summary, SPDX, interactive SBOM, and security report) are available for review.

5. Walk-through session

FossID’s assigned project leader hosts a call and presents the audit results.

Open Source Audits for Maximum Security and Confidentiality

FossID can perform audits and generate reports without looking at the target source code, meeting the highest security and privacy concerns surrounding M&A transactions.

No source code exposure

Ensuring maximum security and confidentiality.

No legal hassle

Clean cut, easy process to get the job done.

No touch

Blind audit, done remotely. No need to bring auditors on site.

Request a demonstration on how audits work
