close search bar

Sorry, not available in this language yet

close language selection

For over 15 years, Black Duck® audits have been the industry’s most trusted open source due diligence solution for M&A and internal compliance. When speed and accuracy are critical, high-tech enterprises and startups, PE firms, and legal advisors choose Black Duck for open source, security, quality, and compliance audit services.

What you don’t know can hurt you

What’s in the code matters when merger and acquisition (M&A) transactions are in motion. Undiscovered open source in applications can lead to costly license violations. These, along with security flaws in proprietary, open source, and other third-party software, can have a significant negative impact on the value of your software assets.

Fast results. Thorough analysis. Peace of mind.

Whether you are acquiring or being acquired, you need an audit partner that can provide fast, trusted, and comprehensive software audits to mitigate these risks.

Black Duck software audits give you the information your firm needs to quickly assess a broad range of software risks in your acquisition target’s software or your own. Get a complete picture of open source license obligation, application security, and code quality risks, so you can make informed decisions with confidence.


Free audit consultation

Call the audit hotline +1 781.425.4444 or fill out the form below, and one of our audit experts will contact you.

Get a consultation

The latest Open Source Security and Risk Analysis (OSSRA) delivers our annual in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software.

Open Source and Third-Party Code Audits | Synopsys

Open Source and Third-Party Code Audit

Open Source and Third-Party Code Audits draw on the Black Duck KnowledgeBase™ to provide you with a complete open source Bill of Materials (BoM) for the target codebase, showing all open source components and associated license obligations and conflict analysis.

Open Source Risk Assessment

An Open Source Risk Assessment (OSRA) builds on the Open Source and Third-Party Code Audit to provide a detailed view of open source risks in the codebase, including known security vulnerabilities and maintenance risks. Additionally, OSRA identifies encryption functions in use in applications so you can ensure compliance with internal, external, and governmental encryption requirements. It relies on Black Duck Enhanced Vulnerability data not available in the National Vulnerability Database (NVD), and can serve as a high-level action plan to prioritize research and potential remediation actions.

Web Services and API Risk Audit

A Web Services and API Risk Audit (WSRA) gives you a listing of the external web services used by an application, with insight into potential legal and data privacy risks. The summary report allows you to quickly evaluate web services risks across three key categories: governance, data privacy, and quality.

Learn more


Application Security Audits | Synopsys

Penetration Test Audits

Penetration Test (ethical hacking) Audits assess the security robustness of a software asset through an examination of the application in its full running state. They include exploratory risk analysis to bypass security controls (such as WAF and input validation) as well as attempts to abuse business logic and user authorization to demonstrate how hackers might gain access and cause damage. 

Static Application Security Test Audits

Static Application Security Test (SAST) Audits combine automated tool-based scans with a source code review to systematically find critical software security vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and the rest of the OWASP Top 10.

Secure Design Review Audits

Secure Design Review (SDR) Audits evaluate the design of key security controls—including password storage, identity and access management, and use of cryptography—against industry best practices to determine whether any are misconfigured, weak, misused, or missing. SDR Audits find system defects related to security controls in the design of the application; no testing or analysis of the application or code is performed.

Learn more



Software Code Quality Audit | Synopsys

Code Quality Audit

Code Quality Audits combine static analysis tools and manual code review to analyze code quality. Results are compared to industry benchmarks to assess quality, reusability, extensibility, and maintainability in proprietary code. Experts interpret the results and provide recommendations for addressing shortfalls in code quality.

Software Development Audit

Software Development Audits offer a complete analysis of the processes and practices that compose the software development life cycle (SDLC). Experts conduct in-depth interviews with a small number of key personnel to gain insight into the quality and maturity of development practices, including coding standards, processes, and tools. From this, they provide recommendations for improving code quality while reducing development and maintenance costs.

Design Quality Audit

Design Quality Audits use experienced architects and powerful architectural analysis tools powered by Silverthread, to assess overall architecture in terms of modularity and hierarchy, thus rounding out a complete picture of the health of the software. The report includes analysis on how the architecture impacts maintainability and identifies potential risk areas that are candidates for code refactoring.

Learn more

Learn more about Black Duck audits



Find out how PointClickCare uses Black Duck On-Demand by Synopsys to make sure their patient data stays secure.