Software Composition Analysis

The Linchpin of Modern Software Development

Overview 

An estimated 90 percent of your code is from open source and third-party libraries. How are you verifying that you have their latest versions and that they are free from security issues such as Heartbleed, Poodle, Freak, Drown, Shellshock, or Apache Struts 2 RCE?

WhiteHat Software Composition Analysis (SCA) allows you to identify third-party and open source components that have been integrated into all your applications. It informs you about the licenses for each of them and identifies out-of-date libraries that should be upgraded or patched. SCA tells you if any open source frameworks have open CVEs that must be addressed.

WhiteHat offers two tiers of Software Composition Analysis (SCA) products to help secure the development stages of the DevSecOps lifecycle.

WhiteHat Sentinel SCA Essentials is our new standalone Software Composition Analysis (SCA) offering that rapidly and accurately identifies third-party and open source components used in an organization’s applications. For each of these components, Sentinel SCA Essentials Edition identifies any open common vulnerabilities and exposures (CVEs), licenses, and out-of-date library versions.

WhiteHat Sentinel Source Standard Edition offers Software Composition Analysis (SCA) integrated into the SAST solution. The Sentinel Source Standard Edition offers the unmatched accuracy needed for secure DevOps implementations, powered by WhiteHat’s Attack Vector Intelligence™ (AVI) technology and direct access to our Threat Research Center.

 

 

Full Inspection of Third-Party Components

In order to fully understand your application vulnerabilities and the overall security posture of your web and mobile applications, you need in-depth visibility into the third-party components that you are using. WhiteHat Sentinel Source Software Composition Analysis (SCA) can provide you with a deeper understanding of the open source code in your applications.

 

Benefits

Accelerate Time-to-Market with SDLC Integration

SDLC integrations with bug tracking, ALM, and other developer tools give developers data about their code early in the process. They can safely and confidently utilize open source code, without introducing unnecessary risk.

Flexible licensing options to choose from

WhiteHat Software Composition Analysis is offered as a standalone product or fully integrated into the WhiteHat Sentinel Application Security Platform. Accelerate time-to-market for applications with Software Composition Analysis by safely and confidently utilizing open source code, without introducing unnecessary risk.

Effortless Visibility into your Risk Posture

The SCA dashboard shows CVE, version, and license details, and reports on vulnerabilities that may have licensing and security issues.

Free from False Positives and supported by TRC

The premium SCA offering provides findings that are free from false positives. You also get unlimited remediation guidance and direct access to the WhiteHat Threat Research Center.

Customer Reviews