Open Source Blind Audits
Due to security and privacy concerns surrounding M&A transactions, FossID has designed a “Blind Audit” – a unique ability to perform audits and generate reports without the need to access source code.
Let us help you with your Mergers and Acquisitions Transactions!
Targeted for M&A and corporate transactions
Confidential, comprehensive, and precise Free and Open-Source Software (FOSS) audits.
Our team of experts performs trustworthy audits thanks to years of experience using our Software Composition Analysis (SCA) and FOSS scanning tools.
Code confidentiality with Blind Audits
Blind Audits never access or transfer your source code, scanning cryptographic hashes instead.
Industry-leading knowledge base
Audits leverage FossID’s and Snyk’s best-in-class knowledge base for FOSS license compliance and security.
Snippet matching in just 6 lines of code
Audits uncover the smallest traces of Open-Source licenses and vulnerabilities.
Actionable reports for all teams
FossID’s Blind Audits result in a collection of comprehensive reports in industry-standard formats, granting full insight into Open-Source components, files, and snippets along with their corresponding origins and licenses.
Executive summary
High-level view of the Open-Source licensing and security vulnerability status of the audited software.
SPDX
The industry standard for communicating the components, licenses, and copyrights associated with software packages.
Interactive SBOM
A filterable view of all detected third-party FOSS components, files, and code snippets used to create follow-up actions.
Security report
Comprehensive list of all detected Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs).
Blind Audit – Step by step
A stand-alone utility is sent to the target company along with execution instructions to collect their software’s digital signatures (fingerprints).
The target company transfers the fingerprint collection securely to the FossID datacenter.
Fingerprints are scanned against FossID’s Knowledge Base and the designated team of FOSS experts analyzes the results.
Once the audit is completed, all reports (executive summary, SPDX, interactive SBOM, and security report) are available for review.
FossID’s assigned project leader hosts a call and presents the audit results.
Open Source Audits for Maximum Security and Confidentiality
FossID can perform audits and generate reports without looking at the target source code, meeting the highest security and privacy concerns surrounding M&A transactions.
No source code exposure
Ensuring maximum security and confidentiality.
No legal hassle
Clean cut, easy process to get the job done.
Blind audit, done remotely. No need to bring auditors on site.