nexB offers comprehensive consulting services, including Software Composition Analysis (SCA) audits for acquisition or investment due diligence or for your own products, along with implementation services for the AboutCode stack.
With over 15 years of experience providing SCA services to organizations of all sizes, the nexB team has analyzed hundreds of products and millions of lines of code.
For our consulting engagements, nexB uses the AboutCode stack of open source SCA tools, including the industry-leading code scanner ScanCode. We are also familiar with most of the other open source tools for FOSS compliance.
Organizations interested in integrating open source SCA tools and processes into their own software development workflows can benefit from our experience and assistance. We can provide support for setting up your scanning and analysis processes, along with on-demand assistance to investigate complex SCA issues.
Accelerate your implementation of the AboutCode stack or integration of AboutCode modules with internal systems or third-party software. If your AboutCode implementation requires additional features from our roadmap, we can include new feature development in your nexB project.
nexB offers consulting services for any and all AboutCode modules. We can participate as members of your team or take the project management lead.
Most sellers do not have current and accurate data about the open source code in their products, but they will not want to show you their source code either.
nexB is a trusted third party that can quickly analyze products of any size and technology to support your acquisition or investment due diligence process, while minimizing the impact on both the buyer and seller. We provide a comprehensive and actionable report of software IP issues supported by a detailed software inventory at the component and file level, and can tailor the depth of analysis to fit your concerns and schedule.
nexB has completed more than 500 due diligence audits with 100% customer satisfaction from both buyers and sellers.
Modern software products and systems typically contain more than 80% open source and third-party components. Organizations need to know the origin, licensing, and vulnerabilities of any software they use or distribute.
Our full-service SCA approach includes automated scanning tools and human expertise to interpret the scanning results and resolve ambiguous scanning clues. The key deliverables include:
✔ Create a Software Inventory with the origin and license for all software components in development codebase repositories and their associated dependencies.
✔ Create a Software Bill of Materials (SBOM) identifying the specific software components included in each deployed or distributed product.
✔ Identify issues related to software license compliance and propose remediation options for these issues.
✔ Report known software vulnerabilities and available fixes.
✔ Create key license compliance artifacts, such as SBOMs or Attribution Notices for open source components.
✔ Check your existing Software Composition data for completeness and accuracy.
Run the complete AboutCode stack, on-premises, for open source compliance.
Support plans include direct access to the maintainers with problem resolution support to diagnose and fix problems and advisory support to answer your questions.
Get started with the AboutCode stack without hosting or infrastructure headaches, with AboutCode SaaS.
Or we can run, operate, and maintain the AboutCode stack – or select components – on your infrastructure or cloud.
Ensuring software license compliance can be difficult.
We can help.