Platform Presents SBOM Solution | Manufacturing.internet


CodeSecure, a leading provider of application security testing (AST) solutions, and FOSSA, a prominent software supply chain platform, recently announced a strategic partnership and native product integration that is focused on eliminating security blind spots associated with both third-party and open source code.

The partnership combines CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities within FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).

The CodeSentry-FOSSA integration enables app developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds, providing full transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase, when they are easier and less expensive to remediate, this integrated platform reduces risk and accelerates secure software delivery.

Open-source software and third-party software components, including libraries, add-ons, drivers, operating system components, and networking code, present unique security challenges. While open source analysis tools are effective for scanning vulnerabilities in accessible source code files, many third-party and infrastructure components are distributed as precompiled binaries. These binaries require specialized BCA to accurately identify embedded vulnerabilities, dependencies, and potential risks. The FOSSA platform with BCA provides unified scanning, which is required to achieve comprehensive software security coverage.

The FOSSA platform, pre-integrated with CodeSecure CodeSentry, looks to address the following DevSecOps needs:

  • Comprehensive SBOM Generation. Consolidates insights from both source and binary code analysis to produce complete software inventories.
  • Early Vulnerability Detection and Remediation. Identifies and helps mitigate vulnerabilities early in the development lifecycle, reducing complexity and cost.
  • Unified Security and Compliance Management. Provides a single source for maintaining software licensing compliance and securing third-party dependencies.

Information on the platform is available at https://fossa.com/request-demo.
