GrammaTech CodeSentry Enhances Software Bill of Materials Capabilities to Improve Software Supply Chain Security
GrammaTech, a leading provider of application security testing products and software research services, today announced a new version of its CodeSentry software supply chain security platform, which enables organizations to quickly produce a software bill of materials (SBOM). CodeSentry enables organizations to proactively detect and address risks in commercial off-the-shelf (COTS) applications and third-party software, and allows development teams to ensure they are delivering secure and compliant software. With the integration of VulnDB from Risk Based Security, a Flashpoint company, CodeSentry version 3.0 now provides enhanced intelligence, visibility and remediation information for vulnerabilities present in open source components, as well as license information, which it detects through automated binary scanning.
Virtually all software applications include third-party and open-source components that create a software supply chain security blind spot. A recent Osterman Research report found that 100% of all analyzed COTS applications contained vulnerable open-source components, and critical vulnerabilities (CVSS 10.0) were present in 85% of them. In fact, nearly 60% of enterprise IT software contains third-party (33%) and open source (29.5%) code according to VDC Research.
To deliver unprecedented visibility into software supply chain security risks for third-party software consumers like enterprises and software vendors, CodeSentry performs binary software composition analysis (SCA) without access to source code. It generates a detailed SBOM to identify open source components, detect N-Day and Zero-Day vulnerabilities and deliver a comprehensive vulnerability report with remediation recommendations.
"With the rise in software supply chain attacks, organizations need to make themselves more resilient to threats by proactively managing the security posture of both the commercial applications they use and the software they develop and sell," said Vince Arneja, Chief Product Officer at GrammaTech. "CodeSentry provides deep visibility, intelligence and actionable information into the makeup of software applications and their vulnerabilities without access to source code so enterprises, development teams and software vendors can better identify and reduce cyber risk."
Comprehensive Software Supply Chain Security
For Software Developers
For Regulatory Compliance
Finally, CodeSentry provides license information for detected open source components in third-party code so developers can ensure they are compliant with any restrictions associated with the software license. This information also allows vendor risk management teams evaluating COTS software to assess the license risk associated with open source components.
CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.