- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
Photonic Solutions
PIC Design Suite
< Silicon Design & Verification
< Solutions
< Solutions
< Solutions
Cloud
Synopsys on the Cloud
< Solutions
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Polaris Platform
Comprehensive application security from developer to deployment
< Software Integrity
< Software Integrity
< Software Integrity
Professional Services
Strategy and programs that address security before, during and after development
< Software Integrity
< Tools
< Tools
< Tools
< Tools
< Software Integrity
< Services
Managed Security Testing
Managed SAST
Dynamic Analysis (DAST)
Penetration Testing
Mobile Application Security Testing
Network Security Testing
< Services
Professional Services
Strategy and Planning (BSIMM)
Architecture & Design
DevSecOps Integration
Cloud Security
Industry Solutions
< Services
< Software Integrity
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Solutions
< Solutions
< Resources
< Resources
< Software Integrity
< Software Integrity
Customers
< Partners
< Partners
Become a partner
< Software Integrity
< Software Integrity
Blog
< main menu
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers
< About Us
Careers
Careers
< main menu
Black Duck Audits
On-demand expertise to help you quickly identify open source, legal, security, and quality risks in software
For over 15 years, Black Duck audits have been the industry’s most trusted open source due diligence solution for M&A and internal compliance. When speed and accuracy are critical, high-tech enterprises and startups, PE firms, and legal advisors choose Black Duck for open source, security, quality, and compliance audit services.
What you don’t know can hurt you
What’s in the code matters when merger and acquisition (M&A) transactions are in motion. Undiscovered open source in applications can lead to costly license violations. These, along with security flaws in proprietary, open source, and other third-party software, can have a significant negative impact on the value of your software assets.
Fast results. Thorough analysis. Peace of mind.
Whether you are acquiring or being acquired, you need an audit partner that can provide fast, trusted, and comprehensive software audits to mitigate these risks.
Black Duck software audits give you the information your firm needs to quickly assess a broad range of software risks in your acquisition target’s software or your own. Get a complete picture of open source license obligation, application security, and code quality risks, so you can make informed decisions with confidence.
Free audit consultation
Call the audit hotline
+1 781.425.4444
or fill out the form below, and one of our audit experts will contact you.
Open Source and Third-Party Code Audit
Open Source and Third-Party Code Audits draw on the Black Duck KnowledgeBase™ to provide you with a complete open source bill of materials (BoM) for the target codebase, showing all open source components and associated license obligations and conflict analysis.
Open Source Risk Assessment
The OSRA builds on the Open Source and Third-Party Code Audit to provide a detailed view of open source risks in the codebase, including known security vulnerabilities and maintenance risks. It relies on Black Duck Enhanced Vulnerability data not available in the National Vulnerability Database (NVD), and can serve as a high-level action plan to prioritize research and potential remediation actions.
Web Services and API Risk Audit
The WSRA gives you a listing of the external web services used by an application, with insight into potential legal and data privacy risks. The summary report allows you to quickly evaluate web services risks across three key categories: governance, data privacy, and quality.
Penetration Test Audits
Penetration Test (ethical hacking) Audits assess the security robustness of a software asset through an examination of the application in its full running state. They include exploratory risk analysis to bypass security controls (such as WAF and input validation) as well as attempts to abuse business logic and user authorization to demonstrate how hackers might gain access and cause damage.
Static Application Security Test Audits
SAST Audits combine automated tool-based scans with a source code review to systematically find critical software security vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and the rest of the OWASP Top 10.
Security Controls Design Analysis
SCDA evaluates the design of key security controls—including password storage, identity and access management, and use of cryptography—against industry best practices to determine whether any are misconfigured, weak, misused, or missing. SCDA finds system defects related to security controls in the design of the application; no testing or analysis of the application or code is performed.
Quantitative Code Quality Audit
Quantitative Code Quality Audits combine static analysis tools and manual code review to analyze code quality. Results are compared to industry benchmarks to assess quality, reusability, extensibility, and maintainability in proprietary code. Experts interpret the results and provide recommendations for addressing shortfalls in code quality.
Qualitative Code Quality Audit
Qualitative Code Quality Audits offer a complete analysis of the processes and practices that compose the software development life cycle (SDLC). Experts conduct in-depth interviews with a small number of key personnel to gain insight into the quality and maturity of development practices, including coding standards, processes, and tools. From this, they provide recommendations for improving code quality while reducing development and maintenance costs.
Encryption Audit
Encryption Audits identify the encryption functions in proprietary, open source, and other third-party software components so you can disclose the proper information to government regulators to assure compliance with export regulations and avoid export restriction. These audits also enable you to ensure that the encryption code in the product meets your corporate security requirements.
Learn more about Black Duck audits
Webinar
2019 Open Source Audit Findings: Assessing Open Source Risk in M&A
Results from open source audits highlight risks you need to consider during M&A.
Watch the webinar
Video
PointClickCare
Find out how PointClickCare uses Black Duck On-Demand by Synopsys to make sure their patient data stays secure.
Watch the testimonial
Checklist
M&A Due Diligence Checklist
This checklist will help ensure you cover your open source risks during M&A.
Get the checklist
Video
Managing the Threat in Mergers & Acquisitions
The prevalence of open source in applications today poses risks in the realm of M&A.
Blog
How an open source software audit works
Understand the process of an open source audit—what comes before, during, and after.
Read the blog
Training
Legal Specialist Certification Course
In this course you’ll gain skills to assist client companies in efficiently and effectively navigating and interpreting the output of a Black Duck analysis.
Learn more
Case Study
AccessOne
Learn how Black Duck audits helped AccessOne gain visibility into open source risk.
Read the case study
Certification Directory
Certification Directory
Access the directory of legal professionals who have been certified as Black Duck Legal Specialists.
Learn more