Tuesday, August 20, 2019

Manage your open source risk with Veracode SCA

Veracode SCA now offers improved vulnerability results in open source


Open source libraries help developers deliver code quickly and efficiently, but an insecure component pulled into an application can be the path to a data breach. To manage that risk, companies are turning to software composition analysis (SCA) to identify known vulnerabilities in the open source libraries they use.

Veracode Software Composition Analysis allows companies to easily identify open source libraries in use, their vulnerabilities, licenses, and risks to their applications – helping companies protect both their applications and their customers' data through better DevSecOps practices.

We've recently updated Veracode SCA:

40% more vulnerabilities in the database: Veracode SCA uses data mining and machine learning models to find vulnerabilities that were fixed in open source projects but never reported to the National Vulnerability Database (NVD). These vulnerabilities are now tracked in Veracode SCA, giving you about 40% more vulnerabilities than the NVD alone provides.

Check whether vulnerable code is actually called: Veracode SCA now distinguishes libraries whose vulnerable method is invoked by your first-party code from libraries that are merely declared or linked, so you can prioritize the former. This can reduce the number of high-priority code fixes by 90%.

Automatically generate pull requests to fix vulnerabilities: Most open source vulnerabilities have a straightforward fix: update the library to a version that contains the patch. Veracode SCA can now open such pull requests automatically; you still review them before merging.

Agent-based Docker container scanning support: Veracode SCA now scans Docker containers and images to find vulnerabilities associated with open source libraries as dependencies of the base OS image and globally installed packages.

Extensive language/framework support: We support Java, JavaScript, Python, Ruby, PHP, Node.js, Go, Objective-C, .NET, C/C++, Swift, and Scala.

Flexible scanning options: Customers can choose to conduct Veracode SCA scans through an agent in their pipeline or on the same files they're already uploading to the Veracode Platform for static analysis.

Unified reporting on the Veracode Platform: All Veracode SCA scans are now available in the Veracode Platform analytics, alongside static, dynamic, and penetration testing results.
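To make the mechanics behind the "vulnerable code is being called" and "automatic pull request" items concrete, here is a small constructed example. It is not Veracode's code and Veracode's implementation is not described on this page; it simply shows the three steps any SCA tool performs: match declared dependencies against an advisory feed, check whether first-party code actually calls the vulnerable method (reachability), and propose a version bump. The package names, advisory IDs, versions and source files are all invented for the example.

```python
"""Constructed SCA check: dependency matching, call-site reachability, fix proposal.

This is an illustrative example, NOT Veracode's implementation. All packages,
advisories, versions and source files below are hypothetical.
"""
import ast
import re
from dataclasses import dataclass

# Constructed manifest in requirements.txt pin format (hypothetical packages).
MANIFEST = """\
webkit-utils==1.4.2
yamlparse==0.9.1
colorprint==2.0.0
"""

# Constructed advisory feed: vulnerable range is [introduced, fixed).
ADVISORIES = [
    {"id": "EX-2019-0001", "package": "webkit-utils", "introduced": "1.0.0", "fixed": "1.4.3",
     "module": "webkit_utils", "function": "render_template", "severity": "high"},
    {"id": "EX-2019-0002", "package": "yamlparse", "introduced": "0.0.0", "fixed": "1.0.0",
     "module": "yamlparse", "function": "load", "severity": "critical"},
    {"id": "EX-2019-0003", "package": "colorprint", "introduced": "1.0.0", "fixed": "2.0.1",
     "module": "colorprint", "function": "cprint", "severity": "low"},
]

# Constructed first-party code. Only yamlparse.load is actually called;
# colorprint is imported but unused and webkit_utils uses a different function.
FIRST_PARTY_SOURCES = {
    "app/config.py": "import yamlparse\n\ndef load_config(path):\n"
                     "    with open(path) as fh:\n        return yamlparse.load(fh.read())\n",
    "app/views.py": "from webkit_utils import escape\nimport colorprint\n\n"
                    "def show(name):\n    return escape(name)\n",
}


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def is_vulnerable(installed, introduced, fixed):
    return parse_version(introduced) <= parse_version(installed) < parse_version(fixed)


def parse_manifest(text):
    """Return {package: pinned_version} for '==' pins; other lines are ignored."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9][0-9A-Za-z.]*)", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps


def called_symbols(source):
    """Return {(module, function)} called via 'import m; m.f()' or 'from m import f; f()'.
    Dotted imports such as 'import a.b' are deliberately not resolved here."""
    tree = ast.parse(source)
    aliases = {}  # local name -> (module, imported function or None)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = (a.name, None)
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = (node.module, a.name)
    calls = set()
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        if isinstance(fn, ast.Attribute) and isinstance(fn.value, ast.Name) and fn.value.id in aliases:
            module, imported = aliases[fn.value.id]
            if imported is None:
                calls.add((module, fn.attr))
        elif isinstance(fn, ast.Name) and fn.id in aliases:
            module, imported = aliases[fn.id]
            if imported is not None:
                calls.add((module, imported))
    return calls


@dataclass
class Finding:
    advisory: str
    package: str
    installed: str
    fixed: str
    severity: str
    reachable: bool
    call_sites: list


def analyse(manifest_text, advisories, sources):
    """Match pins against advisories and rank reachable findings first, then by severity."""
    deps = parse_manifest(manifest_text)
    calls_by_file = {path: called_symbols(src) for path, src in sources.items()}
    findings = []
    for adv in advisories:
        installed = deps.get(adv["package"].lower())
        if installed is None or not is_vulnerable(installed, adv["introduced"], adv["fixed"]):
            continue
        sites = sorted(p for p, calls in calls_by_file.items()
                       if (adv["module"], adv["function"]) in calls)
        findings.append(Finding(adv["id"], adv["package"], installed, adv["fixed"],
                                adv["severity"], bool(sites), sites))
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings.sort(key=lambda f: (not f.reachable, order.get(f.severity, 9)))
    return findings


def propose_fix(manifest_text, findings):
    """Rewrite each vulnerable pin to its first fixed version, as an auto-generated PR would."""
    fixed = manifest_text
    for f in findings:
        fixed = re.sub(rf"(?m)^{re.escape(f.package)}==\S+$", f"{f.package}=={f.fixed}", fixed)
    return fixed


if __name__ == "__main__":
    results = analyse(MANIFEST, ADVISORIES, FIRST_PARTY_SOURCES)
    for f in results:
        tag = "REACHABLE" if f.reachable else "declared only"
        print(f"{f.advisory} {f.package} {f.installed} -> {f.fixed} [{f.severity}] {tag} {f.call_sites}")
    print(propose_fix(MANIFEST, results))
```

Run as a script, the example lists the yamlparse finding first because its vulnerable method is reached from app/config.py, while the other two libraries are only declared; the rewritten manifest pins all three to their first fixed versions. A real tool has to handle transitive dependencies and call paths through other libraries, which this toy AST walk does not attempt.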

