Software Development Audits offer a complete analysis of the processes and practices that compose the software development life cycle (SDLC). Experts conduct in-depth interviews with key personnel to gain insight into the quality and maturity of the organization and its development practices, including coding standards, processes, and tools. From this, they provide an assessment of the current state and recommendations for improving the process while reducing development and maintenance costs.
Open Source and Third Party
Open Source and Third Party software audits draw upon world-class tools that use a range of software composition analysis (SCA) techniques, the Black Duck KnowledgeBase™, and expert open source auditors to provide a complete and accurate Software Bill of Materials (SBoM) for the target codebase. The SBoM covers open source and third-party components, their associated license obligations, and a license conflict analysis.
Additionally, utilizing a range of sources including Synopsys’s proprietary Black Duck Security Advisories (BDSAs), Open Source Risk Analyses identify known security vulnerabilities and operational risks and provide guidance on remediation. Finally, the reports identify encryption functions in use in applications so you can ensure compliance with internal, external, and governmental encryption requirements.
A Web Services and API Risk Audit (WSRA) generates a listing of the external web services used by an application, with insight into potential legal and data privacy risks.