FossID’s unique technology provides you with a mechanism to run open source scans without requiring access to the source code. This unprecedented approach to open source scanning is called Blind Audit.
FossID Blind Audit allows you to perform a scan, inspect all matches to the open source community, audit the software and generate the corresponding reports, without ever looking at the source code.
The procedure to run a Blind Audit is simple:
- Fingerprint collection: FossID CLI is used to collect digital signatures (fingerprints) of your software. The collection of digital signatures cannot be reversed into the original source code, but is enough for the Workbench to compare against FossID’s Knowledge Base and collect the scanning results.
- Blind Audit Scan: The collection of digital signatures is uploaded to your Workbench and a scan against FossID’s Knowledge Base is performed. A regular audit can then be carried out from the Workbench without having access to the source code.
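The two steps above rest on one property: the uploaded fingerprints must be usable for matching yet not recoverable into source. The following added example (written for this page, not FossID's own CLI, fingerprint format or matching algorithm, all of which are assumed unknown here) illustrates that property with plain one-way digests: it builds a fingerprint manifest from a constructed sample tree, matches it against a constructed "knowledge base" of a hypothetical component, and checks that no source line survives in the manifest that would be uploaded.

```python
"""Illustration of source-free (one-way) fingerprinting for a blind audit.

Added example: the digest scheme, manifest layout and component names are
assumptions for demonstration, not FossID's real implementation.
"""
import hashlib
from typing import Dict, Iterator, List, Set

# Very short lines ("}", "return;") occur in almost every code base and would
# produce spurious matches, so only lines at least this long are fingerprinted.
MIN_LINE_LEN = 8

# Constructed sample "source tree": path -> file content (invented for this example).
SAMPLE_TREE: Dict[str, str] = {
    "src/util.c": "int add(int a, int b) {\n    return a + b;\n}\n",
    "src/main.c": (
        "#include <stdio.h>\n"
        "int main(void) {\n"
        "    printf(\"hi\\n\");\n"
        "    return 0;\n"
        "}\n"
    ),
}


def normalize_line(line: str) -> str:
    """Collapse whitespace so indentation changes do not alter the digest."""
    return " ".join(line.split())


def significant_lines(content: str) -> Iterator[str]:
    """Yield normalized lines long enough to be meaningful for matching."""
    for line in content.splitlines():
        norm = normalize_line(line)
        if len(norm) >= MIN_LINE_LEN:
            yield norm


def line_fingerprints(content: str) -> Set[str]:
    """Truncated SHA-256 of each significant line: one-way, so not reversible."""
    return {hashlib.sha256(n.encode()).hexdigest()[:16] for n in significant_lines(content)}


def file_fingerprint(content: str) -> str:
    """Whole-file SHA-256, useful for exact-copy detection."""
    return hashlib.sha256(content.encode()).hexdigest()


def collect_fingerprints(tree: Dict[str, str]) -> Dict[str, dict]:
    """Step 1: build the manifest that is uploaded instead of the source."""
    return {
        path: {
            "file_sha256": file_fingerprint(content),
            "lines": sorted(line_fingerprints(content)),
        }
        for path, content in tree.items()
    }


# Constructed knowledge base: line digests of a hypothetical open source snippet.
KNOWN_SNIPPET = "int add(int a, int b) {\n    return a + b;\n}\n"
KNOWLEDGE_BASE: Dict[str, Set[str]] = {
    "hypothetical-lib-1.0": line_fingerprints(KNOWN_SNIPPET),
}


def match_file(manifest_entry: dict, kb: Dict[str, Set[str]]) -> Dict[str, float]:
    """Step 2: for one manifest entry, return {component: fraction of its line
    digests found in that component}. Only the digests are compared."""
    lines = set(manifest_entry["lines"])
    if not lines:
        return {}
    return {
        name: len(lines & digests) / len(lines)
        for name, digests in kb.items()
        if lines & digests
    }


def manifest_leaks_source(manifest: Dict[str, dict], tree: Dict[str, str]) -> bool:
    """Sanity check before upload: does any significant source line appear
    verbatim anywhere in the serialized manifest?"""
    blob = repr(manifest)
    return any(line in blob for content in tree.values() for line in significant_lines(content))


if __name__ == "__main__":
    manifest = collect_fingerprints(SAMPLE_TREE)
    print("manifest leaks source:", manifest_leaks_source(manifest, SAMPLE_TREE))
    for path, entry in manifest.items():
        print(path, match_file(entry, KNOWLEDGE_BASE))
```

Whitespace normalization and the minimum line length are the two knobs that decide how tolerant matching is; a real fingerprinting tool uses far more elaborate schemes, but the auditor's question is the same: are the uploaded artefacts sufficient to match and insufficient to reconstruct?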