An overview of the evolution of Software Composition Analysis (SCA).
1st Generation: Open Source Code Scanning
Around 2002, scanning of open source code, which gives a company visibility into its open source inventory by identifying code snippets and matching them against open source databases, became an available tool for open source security.
This technology produces a high false positive rate (proprietary and commercial code that is flagged as open source). To deal with the false positives, professional services are required to manually verify the matches found.
Code scanning proved to be an essential tool for open source license management and was soon adopted by enterprises for this purpose. But the long time required to scan the entire code base, the inability to keep up with a continuous software development life cycle (SDLC), and the many false positives generated make it a poor solution for detecting vulnerabilities in a software production environment where agile methodology has become the norm.
2nd generation: Continuous Open Source Components Management
Fast forward to 2011, when WhiteSource introduced new technology designed to meet the requirements of modern agile production.
Continuous management of open source components integrates with the tools of the software development workflow, such as repositories, build tools, package managers and CI servers, and identifies open source components on every build, commit and so on, thus tracking issues (from vulnerabilities to licensing problems) in real time.
Real-time tracking of vulnerabilities and licensing issues lets software and security teams move from managing their open source inventory after the fact to catching issues early in the process, when they are easier and faster to fix.
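The continuous check described above, as an added example that is not part of the original post and is not WhiteSource's or E-SPIN's code: a minimal Python script that a CI job could run on every commit. It parses a pinned `requirements.txt`, matches each component against an advisory feed and a license policy, and exits non-zero when anything is found so the build fails early. The manifest, package names, advisory identifiers and license data are all constructed for illustration; a real implementation would query a feed such as OSV and handle full version-range semantics rather than a single "fixed in" version.

```python
"""
Added example (not from the original post or any vendor product): a toy
second-generation SCA step for a CI pipeline. It parses a pinned manifest,
matches components against a small advisory feed and a license policy, and
returns findings so the caller can fail the build. All data is constructed.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample manifest, as a CI job would read it from the checkout.
REQUIREMENTS_TXT = """\
# pinned application dependencies (constructed, fictional packages)
examplelib==2.19.1
toyparser==5.3
templatekit==3.1.2    # templating
tinyutil==0.1.0
"""

# Constructed advisory feed: package -> list of (first fixed version, advisory id).
# A version strictly below "first fixed" is treated as affected (toy semantics).
ADVISORIES = {
    "examplelib": [("2.20.0", "EXAMPLE-ADV-0001")],
    "toyparser": [("5.4", "EXAMPLE-ADV-0002")],
    "templatekit": [("2.0", "EXAMPLE-ADV-0003")],  # 3.1.2 is already past the fix
}

# Constructed license metadata (SPDX ids) and a constructed organisational denylist.
LICENSES = {
    "examplelib": "Apache-2.0",
    "toyparser": "MIT",
    "templatekit": "BSD-3-Clause",
    "tinyutil": "AGPL-3.0-only",
}
DENIED_LICENSES = {"AGPL-3.0-only", "SSPL-1.0"}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    kind: str      # "vulnerability" or "license"
    detail: str


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so comparison is numeric, not lexical.
    Only plain dotted-integer releases are handled (an assumption of this toy)."""
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text: str) -> dict:
    """Return {name: version} for each 'name==version' line; comments and blanks are skipped."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9][0-9.]*)", line)
        if not m:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        pins[m.group(1).lower()] = m.group(2)
    return pins


def check_vulnerabilities(pins: dict, advisories: dict) -> list:
    """Flag every pinned component whose version is below an advisory's fixed version."""
    findings = []
    for name, version in pins.items():
        for fixed_in, adv_id in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append(Finding(name, version, "vulnerability",
                                        f"{adv_id}: affected, fixed in {fixed_in}"))
    return findings


def check_licenses(pins: dict, licenses: dict, denylist: set) -> list:
    """Flag denied licenses and, conservatively, components with no license metadata."""
    findings = []
    for name, version in pins.items():
        lic = licenses.get(name, "UNKNOWN")
        if lic == "UNKNOWN" or lic in denylist:
            findings.append(Finding(name, version, "license",
                                    f"license {lic} not allowed by policy"))
    return findings


def scan(manifest: str, advisories=ADVISORIES, licenses=LICENSES, denylist=DENIED_LICENSES) -> list:
    """Run both checks over a manifest and return the combined findings."""
    pins = parse_requirements(manifest)
    return check_vulnerabilities(pins, advisories) + check_licenses(pins, licenses, denylist)


if __name__ == "__main__":
    results = scan(REQUIREMENTS_TXT)
    for f in results:
        print(f"[{f.kind}] {f.package}=={f.version}: {f.detail}")
    sys.exit(1 if results else 0)   # a non-zero exit fails the CI job
```

On the constructed manifest the script reports two vulnerable components and one license violation and exits 1; running it as a pre-merge step is what turns a one-off audit into the per-commit tracking the paragraph describes. Treating a missing license as a finding is deliberate: an unknown license is a policy gap, not a pass.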
3rd generation: Effective Usage Analysis
In May 2018 WhiteSource launched a next-generation SCA solution. The new technology delivers details beyond the list of components found in the application, going deeper with a view of how the components are actually used and highlighting their impact on application security.
Feel free to contact E-SPIN for the various technology solutions that can facilitate your software composition analysis (SCA), application security testing and end-to-end development testing platform needs.