The auditor will give you a final report.
It should contain:
A summary of the process undertaken
What was covered by the audit
Version Control information
The final Audit Prep Report
A list of issues found
Any mitigation or responses are contained here
Uses the OWASP Model
Final signature by the auditor that they performed an audit on your code
This report is a attestation by the auditor that they did what they mentioned in their final report. It is not an endorsement of the underlying product and should not be used for marketing purposes. It is also not a security or correctness guarantee of the code.
Got a comment? Check out our Gitter Channel!
Copyright and related rights waived via CC0