GrammaTech presents a new version of its CodeSentry tool for identifying vulnerabilities in third-party code. CodeSentry 2.0 uses binary analysis to create a software bill of materials, uncover zero-day and n-day vulnerabilities, and determine a risk score for third-party software applications.
GrammaTech, a leading provider of software tools for static code analysis and the detection of security vulnerabilities, announces the availability of version 2.0 of CodeSentry.
Recognize and avoid security risks
CodeSentry is a solution for identifying and avoiding security risks within the software supply chain. Among other things, the new version, CodeSentry 2.0, provides a clear risk score for software applications in its executive dashboard. The score is based on the identified vulnerabilities, their CVSS (Common Vulnerability Scoring System) ratings, and key performance indicators. Reporting for compliance and risk-governance audits has also been expanded further.
According to a study by analysts at VDC Research, around 40% of the code in software development projects consists of open source and third-party code. The recent attacks on SolarWinds, Codecov and other applications show that it is essential to check not only one's own code but also supplied third-party software for vulnerabilities.
CodeSentry 2.0 supports this by analyzing the software composition of the external code. Known vulnerabilities in the detected software components are displayed, and the results are recorded in a detailed software bill of materials. CodeSentry continuously tracks vulnerabilities throughout the software lifecycle.
CodeSentry binary analysis
Since the source code of purchased applications is rarely available, analyzing the binary code is the only remaining way to identify risks in such software products.
CodeSentry 2.0 offers the following additional functions and advantages:
- Comprehensive software bill of materials creation: binary scans identify open source and third-party components and provide security scores, component compliance details, version information, location, and detailed vulnerability information, including CVSS scores
- Detection of zero-day and n-day vulnerabilities: CodeSentry 2.0 detects unknown (zero-day) and known (n-day) vulnerabilities in the identified open source and third-party components
- Support for multiple software bill of materials formats, including the industry standard CycloneDX
Further information on new functions and other advantages can also be found online.
More at GrammaTech.com