Re: But why are they inspecting the source code?
It *should* be, the checksum of the firmware applied should match one compiled from the inspected source tree.
Except, from what I know of this process being followed for various vendor's sources, it could be a mess of dependencies and fudges, so arriving at a matching checksum to the supplied firmwares would be a very expensive and fraught exercise by which time the firmware version supported would be several releases ahead and carry important security fixes*. And the amount of people this source would be disclosed to is very very small and could be suggested to have been undertaken simply as a box ticking exercise on a requirement.
*you know, those security fixes for bugs that for eg Huawei have never had, because they keep all their customers under NDA as part of the pricing contract.