
SCA essential for software supply chain protection

by admin
September 15, 2021

Forrester SCA Analysis Essential for Software Supply Chain Protection

Attacks such as SolarWinds and Kaseya have shown the risks that can lie in the software supply chain. According to Forrester, various approaches and policies, as well as the use of Software Composition Analysis (SCA), are suitable for protecting it.

Sandy Carielli, Principal Analyst at Forrester

(Picture: Forrester)

In a blog post, principal analyst Sandy Carielli points out that SCA has always played a role in protecting the software supply chain. The method helps to identify vulnerabilities and licensing risks in open source libraries, for example. As part of the study “The Forrester Wave: Software Composition Analysis, Q3 2021”, the market researchers have now examined the topic in more detail.

The “protectors” of the supply chain

The study shows that current SCA providers are expanding integrity functions for the supply chain. Many are increasingly focusing on their role as “protectors” in this area, expanding their offerings accordingly.

This is especially necessary in view of the sharp increase in the proportion of open source components in audited code: While 36 percent of the code was created from open source components in 2015, this figure was already 75 percent in 2020. Although the use of such components is practical and time-saving, it also entails risks such as unknown vulnerabilities or lack of conformity with company policies.

Note the range of functions

Forrester therefore advises SCA customers to pay attention to certain features when looking for a partner. For example, SCA solutions should be able to scan for risks across open-source, third-party and closed-source libraries in order to largely cover everyday processes. They should also help developers eliminate vulnerabilities, licensing risks, and outdated code. Appropriate remediation features should not only be designed to be as simple and safe as possible, but should also provide a risk assessment of the proposed fixes.

Current solutions also point out dependency confusion and even remove malicious code from repositories. In accordance with the requirements of the US Cybersecurity Executive Order, some SCA solutions are already creating SBOMs (“Software Bill of Materials”) in SPDX or CycloneDX format to ensure the required transparency.

Market leaders and challengers identified

The Forrester study also analyzed the SCA market environment and divided it into categories such as “Leaders”, “Strong Performers”, “Contenders” and “Challengers”. The market leaders are WhiteSource and Synopsys, while Sonatype, Snyk, Checkmarx, Veracode and Revenera are seen as “Strong Performers”. Among the “Contenders” are FOSSA and JFrog, while GitLab is categorized as a “Challenger”.

The detailed study “The Forrester Wave: Software Composition Analysis, Q3 2021” is available for purchase on the Forrester website.
