Software component analysis: 5 major capabilities to protect software supply chain security
2022-08-02 12:19:00 【InfoQ】
This article is shared from HUAWEI CLOUD Community "HUAWEI CLOUD Releases Open Source Software Governance Services - Software Component Analysis", author: HuaweiCloud PaaS service Xiaozhi.
Software component analysis refers to the static analysis of software source code, binary software packages, etc., to discover security compliance risks such as open source compliance and known vulnerabilities. It is a common security testing method. Recently, HUAWEI CLOUD, with its leading edge in software component analysis products and technologies, passed the evaluation of the Institute of Information and Communications Technology and won the evaluation certification of open source governance tools.

Forge open source governance tools and protect your software supply chain security
- No need to rely on source code
Users only need to upload binary packages/firmware. The service uses static detection technology to quickly analyze security risks in the binary software packages/firmware without building a running environment or running a program, and outputs a professional analysis report.
- Independent of the architecture platform of the object under test
Supports desktop (Windows and Linux) applications, mobile applications (APK, IPA, Hap, etc.), and embedded system firmware (u-boot, Android sparse, etc.).
- Mainstream programming languages are fully supported
Supports C/C++, Java, Go, Python, JavaScript, Rust, etc., and the coverage of languages continues to increase.
Vulnerability library capability to actively manage newly discovered vulnerability alerts in the BOM of the historical scanning software.

- Strong risk detection capabilities, and rules continue to increase
Provides comprehensive and rapid investigation capabilities for risks in user release packages/firmware packages, covering 3 major categories of risk (open source software risk, information leakage risk, and configuration risk) with 26 sub-categories, and the detection rules continue to increase.

Passed the evaluation of CITIC and won the open source governance tool evaluation certification
The trusted open source governance tool (SCA), as the most important detection tool in trusted open source, gives enterprises and evaluation agencies an automated detection capability and quantifiable, visual detection results for determining whether software products that use open source software are safe.
At the "OSCAR Open Source Pioneer Day" meeting in May this year, Huawei Cloud Computing Technology Co., Ltd.'s R&D security service (component analysis) (SaaS version) passed the Certification of the Trusted Open Source Governance Tool of the China Academy of Information and Communications Technology, and has provided commercial services on Huawei's public cloud.

HUAWEI CLOUD DevCloud has been committed to providing customers with an R&D environment that improves end-to-end efficiency and provides full-link security. Huawei's R&D tool capabilities continue to spill over. Currently, HUAWEI CLOUD software component analysis provides binary component analysis capabilities. Source code analysis will be officially released in the future, so stay tuned.