An estimated 90 percent of your code is from open source and third-party libraries. How are you verifying that you have the latest versions and that they are free from security issues such as Heartbleed, POODLE, FREAK, DROWN, Shellshock, or Apache Struts 2 RCE?
WhiteHat Software Composition Analysis (SCA) allows you to identify third-party and open source components that have been integrated into all your applications. It informs you about the licenses for each of them and identifies out-of-date libraries that should be upgraded or patched. SCA tells you if any open source frameworks have open CVEs that must be addressed.
WhiteHat offers two tiers of Software Composition Analysis (SCA) products to help secure development stages of the DevSecOps lifecycle.
WhiteHat Sentinel SCA Essentials is our new standalone Software Composition Analysis (SCA) offering that rapidly and accurately identifies third-party and open source components used in an organization’s applications. For each of these components, Sentinel SCA Essentials Edition identifies any open Common Vulnerabilities and Exposures (CVEs), licenses, and out-of-date library versions.
WhiteHat Sentinel Source Standard Edition offers Software Composition Analysis (SCA) integrated into the SAST Solution. The Sentinel Source Standard Edition offers unmatched accuracy needed for secure DevOps implementations, powered by WhiteHat’s Attack Vector Intelligence™ (AVI) technology and direct access to our Threat Research Center.
Full Inspection of Third-Party Components
In order to fully understand your application vulnerabilities and the overall security posture of your web and mobile applications, you need in-depth visibility into the third-party components that you are using. WhiteHat Sentinel Source Software Composition Analysis (SCA) can provide you with a deeper understanding of the open source code in your applications.