The use of open-source components in custom-built applications creates intellectual property and security risks for business owners and corporate legal teams. CAST Highlight provides an effective, fast-rollout alternative or complement to traditional Software Composition Analysis (SCA) products for controlling the risks inherent in open-source software across entire application portfolios, the company said.
Now, CAST Highlight subscribers can install and use a new browser extension that allows them to see the legal and security exposures associated with a particular open-source component as they attempt to download it from the internet.
SCA Browser Extension
The new CAST Highlight SCA browser extension for Chrome enables users to tap into CAST’s industry-leading knowledge base of over 100 million open-source components and view insights in real time while browsing for specific components across the internet.
The extension shows details such as licensing requirements, security vulnerabilities, and technology obsolescence directly in the browser window for the component on the current page. It also identifies whether the component belongs to the “Allow” or “Deny” list as specified by the user’s organisational policy. Users can now make smarter decisions about the use of specific open-source components before downloading them from the internet.
The new SCA browser extension is available for all CAST Highlight subscribers.