The ability to reliably reuse software components is fundamental to all modern software development, and with over 80% of these components being open source, Software Composition Analysis (SCA) is fundamental to securing software supply chains.
Many SCA tools provide a wide range of capabilities for detecting and reporting components and their licensing, vulnerability, and quality information. There are many different specialized techniques and tools for different development-side languages and frameworks, and for specialized deployment-side platforms such as containers or embedded systems.
A key issue is that expensive proprietary SCA tools can be a huge inhibitor for people doing the right thing and managing the composition of their software. To make using open source easier for everyone, we need FOSS tools for FOSS SCA.
In this webinar, nexB co-founder and CEO Michael Herzog will discuss best practices for open source SCA. By using FOSS SCA tools, organizations don't need to worry about vendor lock-in, and by sharing tools with upstream projects, organizations can improve the vitality of the overall FOSS community.
Ready to learn more?
- Scan your codebase with ScanCode
- Find software vulnerabilities with VulnerableCode
- Start automating compliance with DejaCode