Sponsored by CYCODE
The first incarnation of software composition analysis (SCA) technologies came in 2002 when dependencies were a relatively minor issue in software development. Much has changed in 20 years, and modern applications are made up of 90% third-party code. Today, dependencies exist across all phases of the SDLC, not just in application code. Furthermore, the increasing number of dependencies in each application combined with much faster release cycles has led to many more vulnerabilities to fix with far less time for mitigation. Yet, traditional SCA technologies remain focused solely on dependencies in application code and fail to deliver the agility or speed that modern security teams need to prioritize and fix emerging threats.
Pipeline composition analysis (PCA) advances dependency security in several key ways to benefit modern SDLCs. First, PCA identifies vulnerabilities inside the application’s code as well as in the software delivery pipeline itself. Next, PCA understands the entire SDLC, not just the development phase, which enables PCA to prioritize remediation based on runtime exploitability. Additionally, PCA traces deployment paths to identify where vulnerability dependencies exist in production environments such as specific Kubernetes pods. Thus, PCA gives security teams the breadth to secure all of their dependencies, the knowledge to focus on the riskiest threats and the speed to quickly react to ever increasing volume of CVEs.
This webinar will cover: