The New Supply Chain Security by DerScanner Ensures Safety of Open-source and Third-party Components
DerScanner introduces Supply Chain Security to ensure the security of third-party components downloaded from the Internet.
To equip developers with a reliable measure of component security, DerScanner assigns a reputation score to each verified package, considering several factors evaluated by the AI-powered engine. The score examines the author's credibility, the package's popularity and update frequency, the timeliness of security fixes, the package's novelty, and the extent of community verification of pull requests. Through this comprehensive assessment, DerScanner empowers developers with the insight to determine the safety of incorporating each third-party package into their application's architecture.
As attackers refine their methods, a comprehensive scan of open-source repositories becomes crucial. Vulnerabilities in third-party components pose a substantial threat, potentially granting attackers access to entire applications. Hackers often create clones of popular libraries, publish them under similar names, and embed malicious code into these seemingly benign replicas. These risks are further amplified in large-scale projects, where a single developer might use an outdated or unpatched package, inadvertently opening the door to cyber-attacks. The new Supply Chain Security capability in DerScanner represents a significant enhancement to traditional Software Composition Analysis, augmenting its capabilities to deliver a more robust defense against sophisticated attack scenarios, such as zero-day threats.
“The Supply Chain Security capability in DerScanner embodies the authentic spirit of open-source by ensuring its freedom and security. It goes beyond merely identifying known vulnerabilities, proactively alerting developers about possibly compromised packages before their integration into applications, thus preemptively shielding against potential harm,” said Dan Chernov, CEO of DerScanner.
About DerSecur
Established in 2011, DerSecur has emerged as a trusted solution provider in bolstering application resilience against cyber threats. Born from a foundation in a leading research institute for computer science, our code analysis technology now serves a global clientele in over 30 countries. Our team, comprised of 70 dedicated scientists and researchers, is at the forefront of innovation in cybersecurity.
DerScanner is designed to be a thorough solution for identifying and addressing security vulnerabilities in both mobile and web applications. It provides two key types of analysis: static analysis (SAST), which examines code before it runs, and dynamic analysis (DAST), which tests applications in a running state. This dual approach ensures a comprehensive review of your application's security. With the recent expansion, DerScanner now includes Software Composition Analysis and Supply Chain Security. This development is particularly crucial for applications that rely on open-source components, enabling developers to verify the safety of third-party code integrated into their projects.
What sets DerScanner apart is its unique capability to analyze both source and binary code, making it a global leader in versatility with support for 36 programming languages. It excels in understanding polyglot applications and significantly minimizes false positives through its proprietary Fuzzy Logic Engine technology.
DerSecur focuses on providing a practical, efficient, and user-friendly tool for application security testing, helping developers maintain secure and robust applications.
Give it a try at https://derscanner.com/
Andy Dankiewicz
DerSecur Ltd
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.