Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.
Veracode Software Composition Analysis (SCA) helps you build an inventory of your open source components to identify vulnerabilities, covering open source and commercial code. The Veracode Application Security Platform analyzes both proprietary and open source code in a single scan, providing you visibility across your entire application landscape.
When a big vulnerability hits the news, Veracode helps you quickly identify which applications in your organization are vulnerable. Because no technology is a silver bullet, Veracode supports your program’s people, processes and technology by coaching your engineers on secure coding practices, managing your remediation and mitigation process, and discovering known and unknown vulnerabilities through its highly scalable SaaS platform
With Veracode Software Composition Analysis, you will:
1. Assess proprietary and open source code in a single scan
The Veracode Application Security Platform analyzes your open source components to find vulnerabilities with the same scan you’ve already set up for static binary scanning — without having to rescan the applications. As a result, you’ll reduce integration points, get broader visibility across your application landscape, and assess your entire application against one policy — summarized in a single report
2. Manage your remediation and mitigation workflow
The Veracode Platform helps you manage the workflow for remediation and mitigations. Once you find a vulnerability in an open source component, you can immediately see whether the latest version of the component addresses it. Your developers can also access educational resources to help them addressing the security issue
3. Get one-on-one remediation coaching for software developers
When vulnerability descriptions and on-demand educational resources are not enough, developers can schedule calls with a Veracode expert to talk through the options of remediating or mitigating the vulnerability
4. Identify open source components and new vulnerabilities in your portfolio
Open source vulnerabilities are so impactful because the components libraries are widely used and repackaged in software. When a big vulnerability hits the news, Veracode helps you quickly identify which applications in your organization are vulnerable. This saves precious time as you’re formulating your action plan. You can also manually blacklist certain components, leading to an automatic policy audit fail for any application that uses it
5. Identify and remediate vulnerabilities to help comply with industry regulations
Several industry regulations and security frameworks require that you find and patch known vulnerabilities in your applications, including PCI DSS Requirement 6.2, OWASP Top 10 A-9, FS-ISAC, NIST-800-53 SA-12, NIST-800-161 CM-8, and HITRUST CSF v7. Identifying and remediating or mitigating vulnerabilities helps you comply with these regulations and pass audits
6. Use a scalable SaaS solution that integrates with your SDLC
Security works best when it’s part of how people do their jobs. The Veracode Application Security Platform integrates with every part of your software development life cycle. The SaaS-based platform reduces your operational overhead and is highly scalable to meet your demands at peak times
This video is about Veracode Software Composition Analysis SCA Product Overview by E-SPIN that will give you more information regarding this product.

For those who can not join us for the end user and channel partner product seminar session, please see the summary and highlight clip for the event.
https://www.youtube.com/watch?v=2FMcuaUKV_k&t=5s
If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.