nexB offers comprehensive Software Composition Analysis (SCA) services, ranging from a full-service approach for acquisition or investment due diligence to a product-baseline software audit for evaluating a Software Bill of Materials (SBOM) from your engineering team or a supplier.
With over twelve years of experience providing SCA services to organizations of all sizes, the nexB team has analyzed hundreds of products and millions of lines of code.
Modern software products and systems typically contain more than 80% open source and third-party components. Organizations need to know the origin and licensing of any software they use.
SCA provides an accurate and current analysis of all the components in your software with the key objectives are to:
✔ Determine the specific origin and license for each software component in a product using trusted disclosures, automated scanning tools and human expertise to interpret the scanning results and resolve ambiguous scanning clues.
✔ Create a Software Inventory with the origin and license for all software components in a Development codebase (repositories).
✔ Create a Software Bill of Materials (SBOM) identifying the subset of development codebase components used in each product release.
✔ Identify issues related to software license compliance and propose remediation options for these issues.
✔ Create key license compliance artifacts, such as Attribution Notices for open source components.
✔ Concise reports detailing any detected issues, with practical remediations for each.
✔ Practical remediations for any detected issues.
✔ Complete SBOM and inventories for each product.
✔ Minimal impact of product and software engineering teams.
nexB offers different levels of SCA services based on your needs and requirements.
Our full-service SCA approach includes expert analysts performing all the scanning and analysis tasks, and delivering the completed Software Inventory and SBOM files, along with a comprehensive report of Issues and Recommended Actions. This applies for due diligence when you plan to acquire or invest in a company, or when you need a baseline audit of your own software products.
Our software audit is a true “audit” of your SCA data for a product or set of products. We check your existing Software Composition data for completeness and accuracy, compared to our extensive component and package reference data.
For our SCA Services projects, nexB uses our own open source SCA tools, including the industry-leading code scanner ScanCode and other AboutCode tools.
Organizations interested in implementing these tools and processes into their own software development processes can benefit from our assistance. We can provide support for setting up the scanning and analysis processes, along with on-demand assistance to investigate complex SCA issues.
nexB offers Product-Baseline Software Audits to identify license obligations and potential licensing risks for open source and other third-party software components in your software.
Already have an OSS compliance program? nexB can evaluate the completeness and accuracy of component information in an existing Software Bill of Materials (SBOM) and analyze the codebase to verify the SBOM’s completeness and accuracy.
With either approach, nexB provides actionable remediations and delivers the SBOM for each product, not just the development inventory.
Most sellers do not have current and accurate data about the open source code in their products, but they will not want to show you their source code either.
nexB is a trusted third-party who can quickly analyze products of any size and technology to support your acquisition or investment due diligence process, while minimizing the impact on both the buyer and seller. We provide a comprehensive and actionable report of software IP issues supported by a detailed software inventory at the component and file level, and can tailor the depth of analysis to fit your concerns and schedule.
nexB has completed more than 500 Due Diligence Audits with 100% customer satisfaction from both buyers and sellers.