Free scanning service helps companies build an up-to-date SBOM
As developers increasingly rely on open source components in their projects, knowing which ones have been used, and in which versions, is a key part of being able to identify updates and potential threats. This is where a software bill of materials (SBOM) is essential.
Application security testing and software research services company GrammaTech is launching a no-cost SBOM service, alongside a new version of its CodeSentry software composition analysis (SCA) tool.
Unlike source-code tools, CodeSentry analyzes the binary that actually executes, so it can identify components and vulnerabilities including those present in post-production applications. Because it inspects the final binary 'as deployed', it can identify second-, third- and fourth-party components regardless of where they entered the software supply chain.
"CodeSentry is now available in three editions which allows customers to choose the application security capabilities that align with their requirements for software inventory, vulnerability assessment or security intelligence," says Walter Capitani, director of technical product management for GrammaTech. "Plus, with the SBOM Edition, organizations can inventory their software as a first step in implementing a proactive software supply chain security program to avoid fire drills caused by incidents like Log4j."
CodeSentry comes in three versions:
- SBOM Edition: generates a software inventory to identify at-risk open source components and assesses licensing information to avoid compliance violations.
- Security Edition: adds the ability to identify component N-day vulnerabilities, provides security scoring for application risk assessment, assesses exploitability across components, and supports additional deployment and API options.
- Advanced Security Edition: all of the above plus the ability to detect zero-day vulnerabilities, advanced scanning to detect advanced N-day weaknesses, and packaging security assessment.
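The inventory-then-match workflow that the SBOM and Security Editions describe is simple enough to show end to end. The following is an added example, not GrammaTech's or CodeSentry's code: it parses a constructed SBOM in CycloneDX JSON shape (the 'preferred format' is assumed to be CycloneDX here) and checks each component against a constructed advisory table. The Log4Shell entry uses the real CVE-2021-44228 but is simplified to the first fix release; a real feed also carries the follow-up CVEs and backported fix versions. The version ordering deliberately sorts pre-release tags below the bare release, and components whose version could not be recovered from the binary are reported rather than silently passed.

```python
"""Check an SBOM's component inventory against known-vulnerable version
ranges. Added example; not GrammaTech/CodeSentry code."""
import json
import re

# Constructed sample SBOM in CycloneDX JSON shape (assumed format).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        # A component whose version could not be recovered from the binary.
        {"type": "library", "name": "zlib"},
    ],
})

# Constructed advisory table: coordinate -> [(id, introduced, fixed_in)].
# The Log4Shell range is simplified to the first fix release (2.15.0);
# a real feed also lists the later CVEs and backported 2.12.x/2.3.x fixes.
ADVISORIES = {
    "org.apache.logging.log4j/log4j-core": [
        ("CVE-2021-44228", "2.0-beta9", "2.15.0"),
    ],
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?([0-9A-Za-z.]+))?$")


def version_key(version):
    """Sortable key: numeric parts padded to three places; a pre-release
    tag sorts before the bare release (2.0-beta9 < 2.0 < 2.0.1)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    pre = m.group(2) or ""
    return (nums, 0 if pre else 1, pre)


def is_affected(version, introduced, fixed_in):
    """True when introduced <= version < fixed_in (half-open range)."""
    v = version_key(version)
    return version_key(introduced) <= v < version_key(fixed_in)


def parse_sbom(text):
    """Return (coordinate, version) pairs from a CycloneDX JSON document;
    version is None when the SBOM entry does not carry one."""
    doc = json.loads(text)
    out = []
    for c in doc.get("components", []):
        coord = f"{c['group']}/{c['name']}" if c.get("group") else c["name"]
        out.append((coord, c.get("version")))
    return out


def inventory_report(sbom_text, advisories=ADVISORIES):
    """Match every component against the advisory table.
    Returns (coordinate, version, finding) tuples; finding is an advisory id,
    or 'VERSION-UNKNOWN' when the entry cannot be assessed at all."""
    findings = []
    for coord, version in parse_sbom(sbom_text):
        if version is None:
            findings.append((coord, None, "VERSION-UNKNOWN"))
            continue
        for adv_id, introduced, fixed_in in advisories.get(coord, []):
            if is_affected(version, introduced, fixed_in):
                findings.append((coord, version, adv_id))
    return findings


if __name__ == "__main__":
    for coord, version, finding in inventory_report(SAMPLE_SBOM):
        print(f"{finding}: {coord} {version or '(no version)'}")
```

The point of the VERSION-UNKNOWN finding is that an SBOM derived from a binary is only as useful as the version data it carries; an entry with no version is a gap to chase, not a clean result.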
To get a free SBOM, companies can register and submit a binary or artifact to GrammaTech. They receive an SBOM report in their preferred format that exposes the software supply chain, third-party and open source security risks associated with their application. The offer is available for a limited time only.