Software composition analysis (SCA), according to a recent announcement from Contrast Security (Contrast), is now accessible in CodeSec without charge. The first to offer free application security testing and SCA in a single, developer-friendly interface is CodeSec, the market’s fastest and most accurate developer-first scanner. With the help of the new SCA functionality, developers will be able to rapidly and correctly detect risky third-party libraries and start writing secure code. Developers can start shipping code with confidence while simply developing a standardised software bill of materials (SBOM) to control supply chain risk thanks to a frictionless install, quick scanning of open source software (OSS), and immediate actionable findings.
CodeSec, which was developed using the technology employed by Contrast’s customer base of hundreds of thousands of developers at some of the biggest brand-name companies in the world, improves developer security by providing the following capabilities directly to the developer’s laptop without charge:
- Discover dependencies: Protect vulnerable libraries (in Java, Javascript, Python, Ruby, GO, PHP, and.NET) in OSS with lightning-fast scans (SCA), precise results, and helpful remedial advice to expedite code delivery and make typical SBOMs simple.
- Protect your code: With quick, industry-leading (SAST) scans and useful remedial advice, in a straightforward command line interface, optimise code security for Java, Javascript, and.NET apps. Additionally, Contrast GitHub Actions are a free tool that developers may use to safeguard GitHub processes.
- Protect your cloud-native applications by utilising a brand-new, innovative application security tool for serverless environments in Amazon Web Services (AWS) Lambda Functions (Java + Python) that quickly and accurately identifies cloud-native vulnerabilities while offering remediation guidance in a straightforward command line interface (CLI).
Gartner estimates that applications in modern software solutions that employ open source have vulnerabilities in them in the amount of 70%. Applications and APIs created with open source are trusted and relied upon by every sector, including government, healthcare, and finance. Organizations all around the world are in urgent need of creating SBOMs to comprehend the components in their software supply chain as a result of the Log4J vulnerability and the SolarWinds attack.
“SBOMs are a critical component of having a secure software supply chain. As part of US Executive Order 14208, the US National Institute of Standards and Technology (NIST) includes a key directive for organizations to ‘Establish and maintain a software inventory or an SBOM,’” said Katie Norton, senior research analyst at IDC. “Free solutions for developers, like CodeSec – SCA, will play an important role in helping ramp up the adoption of SBOMs.”
Sadly, outdated SCA tools offer alert fatigue, delays in development, and little to no instructions on how to patch vulnerable libraries. To enable developers to incorporate open source security testing earlier in the development process, a new breed of free SCA tools designed with developers in mind is required. By making it simple for developers to construct SBOMs, Contrast’s new SCA feature in CodeSec helps them to quickly identify the susceptible libraries in OSS while also giving actionable repair recommendations to ship code more quickly and manage software supply chain risk.
