OSS Security and Compliance Audit Certification by Scantist
SCANTICK audits verify if a software application uses third-party components in a responsible manner – ensuring protection against 106,000+ publicly disclosed vulnerabilities and 43,000+ security bugs, while simultaneously being legally compliant.
Our audit report gives a comprehensive overview of your application’s open source usage and dependencies, and comprises three key components:
The SCANTICK report provides a comprehensive list of open source components within your software or application and their licenses, including all direct and transitive dependencies. OSS is the silent supply chain for modern software applications and having full transparency of your OSS components is crucial to mitigate any risks associated with the use of OSS.
The SCANTICK report identifies all vulnerabilities in your open source libraries and prioritises your remediation efforts using organisation-level searches. Our developer-focused remediation recommendations include a compatibility analysis to ensure fixes on all levels without compromising the speed of doing so.
The SCANTICK report provides a license and policy verification of your open source components according to your organisation’s needs and ensures legal compliance of your applications.
Speak to an expert at Scantist to tailor an audit report based on your organisation’s needs.
Scantist can also provide remediation details, issue prioritisation and alternative component recommendations. Our audit service is curated to suit your needs for full transparency on your open source dependency usage.