Undiscovered open source in applications can lead to potentially harmful license violations and security vulnerabilities that significantly affect the value of any software asset your company is looking to acquire or sell. When merger and acquisition (M&A) transactions or internal reviews are in motion, you need a fast, trusted, and comprehensive software audit to mitigate these risks.

Open source risk management expertise on demand

For over 15 years, Black Duck On-Demand audits have been the industry’s most trusted open source due diligence solution for M&A and internal compliance. When speed and accuracy of results count, the world’s leading companies and legal teams choose Black Duck.

Fast results. Thorough analysis. Peace of mind.

Black Duck On-Demand audits can give you the information your business needs to quickly identify and manage your open source risks. Get a complete picture of your or your acquisition target’s software, along with the associated licenses and obligations, security vulnerabilities, overall code quality, encryption algorithms, and web services risks that could come with it.


Call the Audit hotline
+1 781.425.4444

250 / 250

License Compliance Audit

License Compliance Audit

Inventory open source and identify license compliance issues in any codebase.

License Compliance Audits provide you with a complete open source bill of materials (BoM) for the target codebase, showing all open source components and associated license obligations as well as risk analysis and remediation recommendations from the Black Duck KnowledgeBase™.  

Learn more


open source risk assessment

Open Source Risk Assessment

Get detailed information on open source security risks in your code.

Open Source Risk Assessments provide an enhanced view of risks in the codebase, including known security vulnerabilities and component quality risks. The report can serve as a high-level action plan to prioritize research and potential remediation across the various categories of open source risk.

Learn more



code quality audit

Code Quality Audit

Assess code and process quality across key software quality criteria.

Code Quality Audits assess quality, reusability, the build process, and documentation in proprietary code and provide you with:

  • High-quality assessments using static analysis tools and manual code review, with comparisons to industry benchmarks
  • Review of development practices, including coding standards, processes, and tools
  • Recommendations and considerations to improve code quality while reducing software development and maintenance costs



Web Services Risk Audit

Web Services Risk Audit

Identify potential web services security, data protection, and licensing risks.

Web Services Risk Audits give you a listing of the external web services used by an application, with insight into web services that may introduce legal or privacy risk into an application. The summary report allows you to quickly evaluate web services risks across three key categories: governance, data privacy, and quality.

Learn more


Encryption audits

Encryption Audit

Identify and document encryption algorithms to ensure compliance.

Encryption Audits identify the encryption functions in proprietary, open source, and other third-party software components so you can disclose the proper information to government regulators to assure compliance with export regulations and avoid export restriction. These audits also enable you to ensure that the encryption code in the product meets your corporate software licensing requirements.

Learn more


Learn more about Black Duck On-Demand audits


Managing the Threat in Mergers & Acquisitions

The prevalence of open source in applications today and what risks that poses in the realm of M&A.