< overview
Undiscovered open source in applications can lead to potentially harmful license violations and security vulnerabilities that significantly affect the value of any software asset your company is looking to acquire or sell. When merger and acquisition (M&A) transactions or internal reviews are in motion, you need a fast, trusted, and comprehensive software audit to mitigate these risks.
Open source risk management expertise on demand
For over 15 years, Black Duck On-Demand audits have been the industry’s most trusted open source due diligence solution for M&A and internal compliance. When speed and accuracy of results count, the world’s leading companies and legal teams choose Black Duck.
Fast results. Thorough analysis. Peace of mind.
Black Duck On-Demand audits can give you the information your business needs to quickly identify and manage your open source risks. Get a complete picture of your or your acquisition target’s software, along with the associated licenses and obligations, security vulnerabilities, overall code quality, encryption algorithms, and web services risks that could come with it.
License Compliance Audit
Inventory open source and identify license compliance issues in any codebase.
License Compliance Audits provide you with a complete open source bill of materials (BoM) for the target codebase, showing all open source components and associated license obligations as well as risk analysis and remediation recommendations from the Black Duck KnowledgeBase™.
Open Source Risk Assessment
Get detailed information on open source security risks in your code.
Open Source Risk Assessments provide an enhanced view of risks in the codebase, including known security vulnerabilities and component quality risks. The report can serve as a high-level action plan to prioritize research and potential remediation across the various categories of open source risk.
Code Quality Audit
Assess code and process quality across key software quality criteria.
Code Quality Audits assess quality, reusability, the build process, and documentation in proprietary code and provide you with:
- High-quality assessments using static analysis tools and manual code review, with comparisons to industry benchmarks
- Review of development practices, including coding standards, processes, and tools
- Recommendations and considerations to improve code quality while reducing software development and maintenance costs
Web Services Risk Audit
Identify potential web services security, data protection, and licensing risks.
Web Services Risk Audits give you a listing of the external web services used by an application, with insight into web services that may introduce legal or privacy risk into an application. The summary report allows you to quickly evaluate web services risks across three key categories: governance, data privacy, and quality.
Encryption Audit
Identify and document encryption algorithms to ensure compliance.
Encryption Audits identify the encryption functions in proprietary, open source, and other third-party software components so you can disclose the proper information to government regulators to assure compliance with export regulations and avoid export restriction. These audits also enable you to ensure that the encryption code in the product meets your corporate software licensing requirements.
Learn more about Black Duck On-Demand audits
Webinar
2018 Open Source Audit Findings: Assessing Open Source Risk in M&A
Results from open source audits highlight risks you need to consider during M&A.
Watch the webinar
Case Study
AccessOne
Learn how Black Duck by Synopsys helped AccessOne gain visibility into open source risk.
Read the case study
Checklist
M&A Due Diligence Checklist
This checklist will help ensure you cover your open source risks during M&A.
Get the checklist