Open Source Software Supply Chain: FOSS for FOSS

The ability to reliably reuse software components is fundamental to all modern software development, and with over 80% of these components open source, Software Composition Analysis is fundamental for securing any open source software supply chain.

Many Software Composition Analysis (SCA) tools provide a wide range of capabilities. At their core, these capabilities consist of detecting and reporting components along with their licensing, vulnerability, and quality information. There are many specialized techniques and tools for different development-side languages and frameworks, and still more for specialized deployment-side platforms such as containers or embedded systems.

But a key issue is that expensive proprietary SCA tools can be a huge inhibitor for people to do the right thing and manage the composition of their software. So to make using open source easier for everyone, we need FOSS tools for FOSS SCA.

In this webinar, nexB co-founder and CEO Michael Herzog discusses best practices for securing open source software supply chains by using open source Software Composition Analysis tools. With FOSS SCA tools, organizations don't need to worry about vendor lock-in. And by sharing tools with upstream projects, organizations can improve the vitality of the overall FOSS community.
