Manage your open source risk with Veracode SCA

Veracode SCA now offers improved vulnerability results in open source

Veracode SCA now offers improved vulnerability results in open source Read our blog Open source code libraries help developers deliver code quickly and efficiently. But, if those open source components are insecure, it can result in a data breach. To prevent this from happening, companies are turning to software composition analysis (SCA) solutions to identify vulnerabilities in the open source libraries they're using. Veracode Software Composition Analysis allows companies to easily identify open source libraries in use, their vulnerabilities, licenses, and risks to their applications – helping companies protect both their applications and their customers' data through better DevSecOps practices. We've recently updated Veracode SCA: • 40% more vulnerabilities in database: Veracode SCA uses data mining and machine learning models to find vulnerabilities fixed in open source projects that haven't been reported to the National Vulnerability Database (NVD). These vulnerabilities are now tracked in Veracode SCA, providing you with 40% more vulnerabilities than those available in the NVD. • Check if vulnerable code is being called: Veracode SCA now helps you prioritize vulnerabilities in open source libraries where your first-party proprietary code is calling the method containing a vulnerability, rather than just linking the library in general. This can reduce the number of high-priority code fixes by 90%. • Automatically generate pull requests to fix vulnerabilities: Most vulnerabilities in open source code are straight-forward to fix. With Veracode SCA, you can now automate pull requests that fix open source vulnerabilities by updating a library to a secure version. Of course, you can still manually review these pull requests before they go live. • Agent-based Docker container scanning support: Veracode SCA now scans Docker containers and images to find vulnerabilities associated with open source libraries as dependencies of the base OS image and globally installed packages. • Extensive language/framework support: We support Java, JavaScript, Python, Ruby, PHP, Node.js, Go, Objective C, .NET, C/C++, Swift, and Scala. • Flexible scanning options: Customers can choose to conduct Veracode SCA scans through an agent in their pipeline or on the same files they're already uploading to the Veracode Platform for static analysis. • Unified reporting on the Veracode Platform: All Veracode SCA scans are now available in the Veracode Platform analytics, alongside static, dynamic, and penetration testing results. GET THE TECHNICAL DETAILS IN OUR VERACODE SCA WHITEPAPER → Contact Us Sales: 888-937-0329 Support: 877-837-2203 EMEA: +44 (0)203 761 5501 Visit the new Community! 65 Network Drive Burlington, MA 01803 36 Queen Street London, EC4R 1BN United Kingdom Subscribe to the content newsletter When you engage with Veracode we take the time to understand what interests you. Given activities in which you've participated in the past (you can find specifics here) we thought you'd be interested in the information above. If we got it wrong you can update your preferences by clicking here. If you'd like to know more about how we use your personal information, you can read our privacy statement here. © 2019 Veracode, all rights reserved View email in browser

                                                           

This email was sent to dasmith1973.blog@blogger.com. If you no longer wish to receive these emails you may unsubscribe at any time.