Software Composition Analysis

Security is everyone's job. With that mindset, security shifts left into the first phase of the lifecycle: development. Writing secure code is always necessary, and the code we write can be analysed during the build phase to identify potential vulnerabilities before it goes live. But what about the libraries that we import and use in our applications?

When writing code, we will most of the time use libraries from external parties. These libraries provide additional functionality to whatever we are developing, and they typically make up the larger part of the shipped application. So how can we make sure that these libraries are secure? How can we make sure that they do not contain known vulnerabilities, and that their licenses allow the use we are making of them? This is where Software Composition Analysis tools come into the picture.

Software Composition Analysis (SCA) is the process of automating visibility into the open-source components of an application for the purposes of risk management, security and license compliance. In practice an SCA tool builds an inventory of the third-party components a build pulls in (direct dependencies and the transitive dependencies they bring with them), matches each component and version against a database of published vulnerability advisories and the component's declared license, and reports the matches. Note that SCA finds known vulnerabilities in the components you use; it does not analyse the library code itself and will not find an undisclosed flaw. SourceClear is one such tool.
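To make the process concrete, the following is an added example (not SourceClear's or any other vendor's code) of the three steps an SCA tool automates: build an inventory of components including transitive dependencies, match each pinned version against an advisory database, and check each component's license against a policy. The requirements file, the resolved dependency graph, the advisory identifiers (EX-2020-0001 and EX-2020-0002) and the license table are all constructed for illustration; a real tool takes the inventory from a lock file or the built artifact and pulls advisory and license data from feeds such as OSV or the NVD.

```python
"""Minimal software composition analysis (SCA) pass over a pip requirements file.

Added example, not code from SourceClear or any other product. All data below
(manifest, dependency graph, advisories, licenses) is constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed manifest in pip requirements syntax.
REQUIREMENTS = """\
# application dependencies (constructed sample)
webkit-lite==2.3.1
yamlish==5.3
crypto-utils>=1.0
"""

# Constructed resolved dependency graph: package -> pinned packages it pulls in.
# A real tool reads this from the lock file or the resolved environment.
RESOLVED_DEPS = {
    "webkit-lite": {"urlish": "1.25.3"},
    "urlish": {},
    "yamlish": {},
}

# Constructed advisory database: package -> (hypothetical advisory id, first fixed
# version, summary). A version is treated as affected when it is older than the fix.
ADVISORIES = {
    "urlish": [("EX-2020-0001", "1.26.5", "CRLF injection in request headers")],
    "yamlish": [("EX-2020-0002", "5.4", "unsafe loader allows code execution")],
}

# Constructed license table and a policy suitable for a proprietary product.
LICENSES = {"webkit-lite": "MIT", "urlish": "MIT", "yamlish": "GPL-3.0-only"}
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}

_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*(\S+))?")


@dataclass(frozen=True)
class Finding:
    package: str
    version: Optional[str]
    kind: str  # "vulnerability", "license" or "unpinned"
    detail: str


def parse_version(v: str) -> tuple:
    """Turn '1.26.5' into (1, 26, 5); a non-numeric suffix such as '5.4rc1' is ignored."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_older(version: str, fixed: str) -> bool:
    """True when `version` sorts strictly before `fixed`; pads so 5.4 == 5.4.0."""
    a, b = parse_version(version), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def parse_requirements(text: str) -> Dict[str, Optional[str]]:
    """Map package name -> pinned version, or None when the line is not an exact pin."""
    direct: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_LINE.match(line)
        if m:
            direct[m.group(1).lower()] = m.group(2)
    return direct


def build_inventory(direct: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    """Walk the resolved graph so transitive dependencies are assessed too."""
    inventory = dict(direct)
    stack = [name for name, version in direct.items() if version is not None]
    while stack:
        for dep, dep_version in RESOLVED_DEPS.get(stack.pop(), {}).items():
            if dep not in inventory:
                inventory[dep] = dep_version
                stack.append(dep)
    return inventory


def analyse(requirements: str) -> List[Finding]:
    """Run the inventory, vulnerability and license checks; return all findings."""
    findings: List[Finding] = []
    for name, version in sorted(build_inventory(parse_requirements(requirements)).items()):
        if version is None:
            findings.append(Finding(name, None, "unpinned",
                                    "version not pinned; cannot be assessed reproducibly"))
            continue
        for adv_id, fixed, summary in ADVISORIES.get(name, []):
            if is_older(version, fixed):
                findings.append(Finding(name, version, "vulnerability",
                                        f"{adv_id}: {summary} (fixed in {fixed})"))
        lic = LICENSES.get(name, "UNKNOWN")
        if lic == "UNKNOWN" or lic in DENIED_LICENSES:
            findings.append(Finding(name, version, "license", f"{lic} not allowed by policy"))
    return findings


if __name__ == "__main__":
    for f in analyse(REQUIREMENTS):
        print(f"{f.kind:14} {f.package}=={f.version}  {f.detail}")
```

Two simplifications to keep in mind when reading a real SCA report: affected ranges are usually intervals with several fixed branches rather than a single "older than the fix" cut-off, and version ordering follows the ecosystem's own rules (PEP 440 for Python, semver for npm), which the toy comparison above does not fully implement. The unpinned finding is deliberate: a dependency without an exact version resolves differently on each build, so the report cannot say what was actually shipped.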

In this page we will look at some of the tools that help in analysing third-party libraries:
SourceClear - Integration with Jenkins

