CodeSecure, a leading provider of application security testing (AST) solutions, and FOSSA, a prominent software supply chain platform, recently announced a strategic partnership and native product integration that is focused on eliminating security blindspots associated with both third party and open source code.
The partnership combines CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities within FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).
The CodeSentry-FOSSA integration allows App Developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds—providing comprehensive transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase—when they are easier and more cost-effective to remediate—this integrated platform reduces risk and accelerates secure software delivery.
Open-source software and third-party software components—including libraries, add-ons, drivers, operating system components, and networking code—present unique security challenges. While open source analysis tools are effective for scanning vulnerabilities in accessible source code files, many third-party and infrastructure components are distributed as precompiled binaries. These binaries require specialized BCA to accurately identify embedded vulnerabilities, dependencies, and potential risks. The FOSSA platform with BCA provides unified scanning, which is required to achieve comprehensive software security coverage.
The FOSSA platform, pre-integrated with CodeSecure CodeSentry, looks to address the following DevSecOps needs:
- Comprehensive SBOM Generation. Consolidates insights from both source and binary code analysis to produce complete software inventories.
- Early Vulnerability Detection and Remediation. Identifies and helps mitigate vulnerabilities early in the development lifecycle, reducing complexity and cost.
- Unified Security and Compliance Management. Provides a single source for maintaining software licensing compliance and securing third-party dependencies.
Information on the platform is available at https://fossa.com/request-demo.