
Why Your Next DevSecOps Investment Needs to be Software Composition Analysis

The popularity of reusable software components has soared throughout the developer community in recent years, largely because of the convenience and time savings they offer. Instead of coding everything from scratch, developers can pull powerful features directly off the shelves of third-party open source libraries and plug them straight into their applications, significantly speeding up the development cycle. According to WhiteHat’s 2018 Application Security Statistics Report, up to 70 percent of every application now consists of these reusable software components, showing just how ubiquitous they have become.

However, while the benefits are hard to ignore, this new approach to development also comes with some notable issues. Chief among them is the fact that many of these reusable components are known to contain security vulnerabilities, some small, others highly significant. Every time one of these components is reused, any vulnerability it contains is also replicated, which can quickly lead to spiralling security problems if left unchecked.

Properly securing these reusable software components is critical, and doing so requires software composition analysis (SCA). This security technology identifies where these components sit within your applications and detects any vulnerabilities present in their code. Without SCA, it is practically impossible to verify that the components you reuse over and over again are both up to date and free from dangerous security issues such as Heartbleed, POODLE, FREAK, DROWN, Shellshock, or the Apache Struts 2 RCE.
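The two checks the paragraph above describes (is each component's version affected by a known vulnerability, and is it behind the latest release) can be shown in a few dozen lines. The script below is an added illustration written for this post; it is not WhiteHat's code and does not describe how Sentinel works internally. The dependency manifest, the advisory feed and the registry index are all constructed inline: the component names (`acme-*`), versions and advisory ids are placeholders, not real packages or CVE numbers. A real SCA tool would pull the same information from curated feeds such as the NVD or vendor advisories and from the package registry.

```python
import re

# Constructed manifest in pip requirements style. Component names and
# versions are made up for this example; they are not real packages.
MANIFEST = """\
# sample dependencies (constructed)
acme-http==2.19.1
acme-yaml==5.1
acme-crypto==3.4.8
acme-logging>=1.0   # floating range: the exact version is not pinned
"""

# Constructed advisory feed: (component, first affected, fixed-in, advisory id).
# The ids are placeholders, not real CVE numbers.
ADVISORIES = [
    ("acme-http", "2.0.0", "2.20.0", "ADVISORY-PLACEHOLDER-1"),
    ("acme-yaml", "0.0.0", "5.4.0", "ADVISORY-PLACEHOLDER-2"),
]

# Constructed registry index standing in for a package-registry lookup:
# newest release known per component.
LATEST = {
    "acme-http": "2.31.0",
    "acme-yaml": "6.0.1",
    "acme-crypto": "3.4.8",
    "acme-logging": "1.2.0",
}

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)$")
NAME_RE = re.compile(r"^([A-Za-z0-9_.-]+)")


def parse_version(text):
    """Turn '2.19.1' into (2, 19, 1); pad so '5.1' compares as (5, 1, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_manifest(text):
    """Return a list of (name, pinned_version or None) for each requirement line.

    Comments and blank lines are skipped. A line that is not an exact '==' pin
    is returned with version None, because SCA can only verify a concrete version.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pin = PIN_RE.match(line)
        if pin:
            entries.append((pin.group(1).lower(), pin.group(2)))
        else:
            name = NAME_RE.match(line)
            entries.append((name.group(1).lower() if name else line, None))
    return entries


def analyze(manifest_text, advisories, latest):
    """Run the two SCA checks and return findings as (name, version, kind, detail)."""
    findings = []
    for name, version in parse_manifest(manifest_text):
        if version is None:
            findings.append((name, None, "unpinned",
                             "floating range; exact component version cannot be verified"))
            continue
        v = parse_version(version)
        # Check 1: does any advisory's affected range [first_bad, fixed_in) cover this version?
        for comp, first_bad, fixed_in, advisory in advisories:
            if comp == name and parse_version(first_bad) <= v < parse_version(fixed_in):
                findings.append((name, version, "vulnerable",
                                 f"{advisory}, fixed in {fixed_in}"))
        # Check 2: is the pinned version behind the newest known release?
        newest = latest.get(name)
        if newest is not None and v < parse_version(newest):
            findings.append((name, version, "outdated",
                             f"latest known release is {newest}"))
    return findings


if __name__ == "__main__":
    for name, version, kind, detail in analyze(MANIFEST, ADVISORIES, LATEST):
        print(f"{kind:10} {name}=={version or '?'}: {detail}")
```

The unpinned `acme-logging` entry is reported on purpose: a floating version range means the build may resolve to a different component version every time, so neither check can give a reliable answer until the version is pinned or read from a lock file.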

In recognition of this growing market need, WhiteHat now offers two tiers of powerful SCA products, specifically designed to keep all of your applications safe and secure during the DevSecOps lifecycle.

  1. WhiteHat Sentinel SCA Essentials Edition is our standalone SCA offering that rapidly and accurately identifies third-party and open source components used in your applications. For each of these components, Sentinel SCA Essentials Edition identifies any open Common Vulnerabilities and Exposures (CVEs), licenses, and out-of-date library versions.
  2. WhiteHat Sentinel Source Standard Edition offers SCA integrated into the SAST solution. The Sentinel Source Standard Edition offers the unmatched accuracy needed for secure DevOps implementations, powered by WhiteHat’s Attack Vector Intelligence™ (AVI) technology and direct access to our Threat Research Center.

Of course, we believe that our SCA products are among the very best available today, but please don’t just take our word for it. Forrester recently named WhiteHat a Contender in The Forrester Wave™: Software Composition Analysis, Q2 2019 report – https://info.whitehatsec.com/Content-2019-ForresterWaveReport_LP.html.

This highly respected independent assessment scores 10 of the most significant global SCA providers across 33 criteria and evaluates top vendors within three segments: Current Offering, Strategy and Market Presence. It then shows how each provider measures up and identifies the vendors who can “provide developers with remediation advice and even create patches to position themselves to significantly reduce business risk.”

In its assessment, Forrester states, “WhiteHat Security has been known for reducing false positives by having its security team review scan results before sending them back to customers. Now, WhiteHat is able to offer a fully automated solution with Sentinel SCA Essentials in addition to WhiteHat Sentinel SCA Standard, which still has security team verification.”

We believe that being named amongst this group of top SCA providers by such a respected global analyst firm serves as true evidence that our application-based approach to security is exactly what modern organizations are looking for today.

For more information about WhiteHat’s unique SCA products, visit our website at https://www.whitehatsec.com/products/static-application-security-testing/software-composition-analysis/.
