Software Supply Chain Security
Assure Third-Party Software Security When Source Code Isn’t Available.
Assure Third-Party Software Security When Source Code Isn’t Available
Binary SCA For Your Software Supply Chain
CodeSentry is a Binary SCA solution that produces a SBoM without the need for source code. Binary SCA analyzes compiled code to identify open source components used by your vendors and suppliers then map them to the industry’s most complete and timely vulnerability and license database.
The risk in supply chains is real. Recent examples include:
- A vulnerability in the popular Apache Log4j component allowed unauthenticated remote code execution and access to thousands of servers and products
- Heartbleed, a vulnerability in OpenSSL was first disclosed in 2014. Over six years later, the SANS Institute reported finding over 200,000 systems that were still using the vulnerable component.
- Ripple20 is a set of 19 vulnerabilities in the commercial version of the Treck TCP/IP stack with four vulnerabilities rated critical with CVSS scores over 9 that enable Remote Code Execution. These vulnerabilities impact devices from a wide variety of vendors, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter and many more across medical, industrial, transportation, oil and gas, and other industries.
Evaluate Your Third and Fourth-Party Binaries
Understand Component Risk
Software development teams no longer have the luxury of long development cycles. Today’s world demands rapid release cycles to meet customers’ needs quickly. The adoption of open source greatly reduces development time, but also introduces risk from known vulnerabilities in those components. CodeSentry allows teams to identify open source components in third-party binaries and containers, including any used in commercial components licensed and used by the third-parties.
Alleviate Need for Source Code Access
Analyze Legacy Code
CodeSentry identifies open source components in binaries. Source-based Software Composition Analysis (SCA) tools require source code to identify components and produce a Software Bill of Materials (SBoM). But source code isn’t always available, even for in-house projects. Commercial components and software built by vendors and partners are delivered as binaries. Code from the supply chain can comprise at least 25% of the final application. Identifying vulnerable components in these binaries is just as important to product security.
Identify Security Weaknesses
Proactively Reduce Exposure
CodeSentry does more than just produce a Software Bill of Materials. By assessing binaries “as deployed”, CodeSentry can also teams to Zero-Day vulnerabilities resulting from poor security development practices including weak cryptography, use of potentially dangerous functions, insecure temporary files, and poor input validation. It also checks for misconfiguration of security features in compilers used by third parties providing binaries.
Our Customers
“CodeSonar does a better job of finding the more serious problems, which are often buried deep in the code and sometimes hidden by unusual programming constructs that are hard for other static analysis tools to parse.” GE Aviation
GE Aviation
“CodeSonar does a better job of finding the more serious problems, which are often buried deep in the code and sometimes hidden by unusual programming constructs that are hard for other static analysis tools to parse.” GE Aviation
GE Aviation
“Aliquam consequat erat viverra sit condimentum. Amet at ac accumsan sagittis turpis vivamus. Auctor sapien, vulputate nunc neque. Egestas et lectus commodo rutrum lorem. Turpis dui cursus lobortis arcu donec imperdiet aliquam odio.”
Jane Doe
Optional Descriptor
“Aliquam consequat erat viverra sit condimentum. Amet at ac accumsan sagittis turpis vivamus. Auctor sapien, vulputate nunc neque. Egestas et lectus commodo rutrum lorem. Turpis dui cursus lobortis arcu donec imperdiet aliquam odio.”
Jane Doe
Optional Descriptor
Case Studies
Learn how customers gain value using GrammaTech’s solutions via case studies in medical, aerospace, tech, and more.
Telit
Learn MoreGrammaTech Helps Telit Deliver Safety Faster. Telit is a global leader in cellular-based M2M and Internet of Things (IoT) solutions that have been connecting the world from the inside out for nearly 20 years.
Stoneridge
Learn MoreTransportation – GrammaTech Improves Product Quality and Delivers Safety Faster.
Piper
Learn MoreTransportation – GrammaTech Helps Optimize Smart Sensors and Technologies to Increase Transportation Throughput.
Petroleum Experts
Learn MoreIndustrial – GrammaTech Helps Deliver High Quality, Safe, Secure Software and Ensure Customer Satisfaction.
NASA-White Sands: The Benefit of Static Analysis
Learn MoreAerospace – GrammaTech Contributes to NASA Study Exploring the Benefits of Static Analysis.
NASA: Mars Curiosity Rover
Learn MoreGovernment – GrammaTech Helps Mars Curiosity Rover Search for Signs of Life.
Multinational Financial Services Company
Learn MoreFinancial Services – GrammaTech Reduces Application Authorization Time from Months to Weeks.
Micrel Medical Devices
Learn MoreMedical Device – GrammaTech Provides Superior Standards Support to Meet Coding Compliance Needs.
Merit Automotive
Learn MoreAutomotive – GrammaTech Supports Delivery of Quality Products to Meet Safety and Security Requirements.
Related Resources
Book a Demo
We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team.
book now