Reuters said the legislation, part of the defence spending bill, came in the wake of its report last year that a Russian defence agency was allowed to look at the source code of ArcSight, software used by the US military in cyber defence.
The law specifies that any security risks identified by the US Government would have to be mitigated by the company in question or the contract would be terminated.
The Russian review of the ArcSight source code was facilitated by Hewlett Packard Enterprise in order to obtain the certification needed to get orders for Russia's public sector.
Microsoft allowed China to inspect the source code of Windows as a prerequisite to crafting a product — Windows 10 China Government Edition — that could be sold to the Chinese public sector.
Last year, Symantec chief executive Greg Clark said in an interview that, while his company was willing to sell its products in any country, “that is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’.”
The legislation on source code disclosure was drafted by Democrat Senator Jeanne Shaheen of New Hampshire. It has been passed by Congress and sent to President Donald Trump for his signature.
Shaheen told Reuters in a statement: “This disclosure mandate is the first of its kind, and is necessary to close a critical security gap in our federal acquisition process.
“The Department of Defence and other federal agencies must be aware of foreign source code exposure and other risky business practices that can make our national security systems vulnerable to adversaries.”