Many companies embed third-party open source code into their production software. This code, if not thoroughly vetted, can potentially introduce vulnerabilities and pose security risks. According to the 2023 annual Open Source Security and Risk Analysis report by Synopsys (https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html), nearly 96% of 1,703 codebases used in key industries contained open source code, and more than 84% of them contained at least one known open source vulnerability. Comprehensively addressing open source vulnerabilities is therefore critical for modern software development.
Abstract:
Software composition analysis (SCA) plays a key role in ensuring supply chain security by helping identify known security vulnerabilities in open source libraries. We review several popular SCA tools, comparing their key functionalities based on a set of objective criteria.
Published in: IEEE Security & Privacy (Volume: 23, Issue: 1, Jan.-Feb. 2025)