Open Source License Audits

Black Duck Software’s tools have an unmatched reputation as a trusted source for open source code audits, providing you with both the information you need and the confidence to act on it. When you need to quickly find and identify open source and third-party code, and the related software provenance and licensing obligations, Black Duck Software provides fast, secure, simple and thorough analyses of your software intellectual property assets that your business, legal counsel, and engineering teams can review and immediately act on. Using these tools, SDC Systems are able to provide open source license audits as a one-off or ongoing service to your business.

Our open source audit service enables you to:

  • Discover undeclared and unknown open source and third-party software to mitigate potential legal exposure
  • Receive a more thorough and accurate analysis than is possible through manual audits that are inherently susceptible to human error
  • Identify encryption technologies that can impact and restrict the legal export of acquired software
  • Make modifications and remediate quickly
  • Identify potential security vulnerabilities that can impact asset value

The output includes the open source project name, home page, license text, and potential conflicts from snippet matches. In addition, string searches, usage models of components, file name detections, security vulnerability mapping, and software dependencies are analyzed.

Upon completion you’ll receive a comprehensive report of external software assets including:

  • Summary of code content and risks
  • Composition of code: Open source (and other third party) components, libraries, applications
  • Source code snippets copied and pasted into code
  • Side-by-side comparisons of code matches
  • Licenses in effect and potential license conflicts
  • Full text of all relevant licenses
  • Cryptographic analysis and potential export issues (optional)
  • Analysis of security vulnerabilities associated with open source components (optional)