License and Vulnerability Management

Manage Supply Chain Security Risk

Gain visibility into risk from vulnerable open source components in internal code and third-party binaries.

Open source components lower development costs while accelerating development. They are also subject to security vulnerabilities that attackers can exploit easily. With thousands of new vulnerabilities disclosed each year, an application that is secure today can be attacked tomorrow by script kiddies using public exploits.

Visibility into Risk in Your Software Supply Chain

In addition to the open source components your team uses, your vendors and partners may also provide binaries. When incorporated into your products, these can lead to additional open source security risk.

Ship More Secure Products

Insignary Clarity provides visibility into the software supply chain by analyzing compiled applications and components to generate a Software Bill of Materials (SBOM), then mapping that SBOM to a database of vulnerable components. It provides detailed information on all vulnerabilities in all versions of each component to help developers make informed decisions about how to address issues.

Ongoing Alerts to New Vulnerabilities

When a new vulnerability is disclosed, Clarity alerts users to the affected applications – without the need to rescan.

Prioritized Results

Clarity highlights vulnerabilities with publicly available exploits.
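The three capabilities above (mapping an SBOM to a vulnerability database, alerting on a new disclosure without rescanning, and ranking findings with public exploits first) reduce to one data flow: keep the SBOM recorded at scan time and match advisories against it. The following is an added illustration written for this page, not Insignary's code or Clarity's data format; the component names, advisory identifiers, version ranges and the "introduced/fixed" advisory shape are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn a dotted version such as '1.2.3' into a comparable tuple (assumed numeric)."""
    return tuple(int(p) for p in s.split("."))


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass
class Advisory:
    vuln_id: str         # constructed placeholder, not a real CVE id
    component: str
    introduced: str      # first affected version (inclusive)
    fixed: str           # first fixed version (exclusive)
    public_exploit: bool = False

    def affects(self, comp: Component) -> bool:
        """True when the component is the advisory's package and its version is in range."""
        if comp.name != self.component:
            return False
        v = parse_version(comp.version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


# Constructed sample: SBOMs recorded when each application was scanned, keyed by app name.
SBOMS: Dict[str, List[Component]] = {
    "payments-gateway": [Component("libfoo", "1.2.3"), Component("zlib-like", "1.2.8")],
    "vendor-firmware": [Component("libfoo", "1.4.0"), Component("libbar", "0.9.1")],
}

# Constructed sample advisory database.
ADVISORIES: List[Advisory] = [
    Advisory("ADV-0001", "libfoo", "1.0.0", "1.3.0", public_exploit=True),
    Advisory("ADV-0002", "libbar", "0.9.0", "0.9.2"),
]


def findings(sboms: Dict[str, List[Component]], advisories: List[Advisory]) -> List[dict]:
    """Map every stored SBOM entry to matching advisories, public-exploit findings first."""
    out = []
    for app, comps in sboms.items():
        for comp in comps:
            for adv in advisories:
                if adv.affects(comp):
                    out.append({
                        "app": app,
                        "component": comp.name,
                        "version": comp.version,
                        "vuln_id": adv.vuln_id,
                        "public_exploit": adv.public_exploit,
                    })
    # Prioritise: findings with a public exploit sort first, then by app and id.
    out.sort(key=lambda f: (not f["public_exploit"], f["app"], f["vuln_id"]))
    return out


def alert_new_disclosure(sboms: Dict[str, List[Component]], advisory: Advisory) -> List[str]:
    """Name the applications affected by a newly disclosed advisory using stored SBOMs only,
    so no binary has to be rescanned when the advisory arrives."""
    return sorted(app for app, comps in sboms.items()
                  if any(advisory.affects(c) for c in comps))


if __name__ == "__main__":
    for f in findings(SBOMS, ADVISORIES):
        print(f)
    late = Advisory("ADV-0003", "libfoo", "1.3.5", "1.4.1")  # constructed "new" disclosure
    print("affected by ADV-0003:", alert_new_disclosure(SBOMS, late))
```

The point of `alert_new_disclosure` is that the expensive step (extracting components from a binary) happens once; a later advisory is a cheap query against the stored inventory. Real version schemes are messier than dotted integers (suffixes, vendor backports that fix a bug without bumping the version), which is why binary SCA tools pair version matching with signature-level evidence of whether the vulnerable code is actually present.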

Fewer False Positives

Clarity provides more accurate results than other binary SCA solutions and minimizes unnecessary rework by providing information on whether the vulnerable portion of the component is used.

Detect Information Leakage

Clarity provides alerts when personal information, hard-coded IP addresses or URLs, and unencrypted passwords are detected in a file.
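Detecting this kind of leakage in a compiled file comes down to scanning its printable strings for patterns such as IPv4 literals, URLs and credential assignments, and then reporting them without echoing the secret itself. The example below is added here for illustration and is not Clarity's detection logic; the regular expressions, the list of benign addresses and the sample "binary" blob are constructed assumptions.

```python
import re
from typing import Dict, List

# Patterns over raw bytes so the scanner works on compiled files, not just text.
IPV4_RE = re.compile(rb"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(rb"https?://[^\s\"'<>\x00]+", re.IGNORECASE)
# A credential-looking key followed by '=' or ':' and a value of 4+ non-space, non-NUL bytes.
PASSWORD_RE = re.compile(rb"(?i)(\w*(?:password|passwd|pwd|secret))\s*[=:]\s*[\"']?([^\s\"'\x00]{4,})")

# Addresses that are not a leak of infrastructure layout (constructed allow-list).
BENIGN_IPS = {b"0.0.0.0", b"127.0.0.1", b"255.255.255.255"}


def mask(secret: bytes) -> str:
    """Keep the first two characters so an analyst can recognise the value; hide the rest."""
    shown = secret[:2].decode(errors="replace")
    return shown + "*" * (len(secret) - 2)


def scan_bytes(data: bytes) -> Dict[str, List[str]]:
    """Return hard-coded IPs, URLs and credential assignments found in a file's bytes."""
    found: Dict[str, List[str]] = {"ip": [], "url": [], "password": []}
    for m in IPV4_RE.finditer(data):
        if m.group(0) not in BENIGN_IPS:
            found["ip"].append(m.group(0).decode())
    for m in URL_RE.finditer(data):
        found["url"].append(m.group(0).decode(errors="replace"))
    for m in PASSWORD_RE.finditer(data):
        key, value = m.group(1), m.group(2)
        # Report the key and a masked value; never write the plaintext secret to a report.
        found["password"].append(key.decode(errors="replace") + "=" + mask(value))
    return found


# Constructed stand-in for a compiled file: a fake header followed by NUL-terminated strings.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 8
    + b"connect to 10.20.30.40\x00"
    + b"https://updates.example.com/fw/latest\x00"
    + b"db_password=Tr0ub4dor&3\x00"
    + b"localhost 127.0.0.1\x00"
    + b"version 1.2.3\x00"
)

if __name__ == "__main__":
    for kind, hits in scan_bytes(SAMPLE_BINARY).items():
        print(kind, hits)
```

Two design notes: the patterns run over bytes rather than a decoded string so that a stripped ELF, PE or firmware image can be scanned directly, and the report masks the credential value, since a findings file that contains the plaintext password is itself a leak. A four-part version string such as `1.2.8.0` will match the IPv4 pattern, so an analyst should expect some review of the IP findings.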

Open Source License Compliance

Open source components can be issued under any of thousands of licenses – or no license at all. Each includes restrictions on usage, extension and distribution of code and its derivative products. Some licenses allow users to freely modify and redistribute code, while others require any modifications to be published under the same open source license. Components with restrictive licenses – if used improperly – can put your organization’s IP at risk.

You can protect your IP by maintaining a Software Bill of Materials (SBOM) for all software used in your solutions. But it’s not enough to simply look at what development teams have declared.

Binary SCA for Code “As Deployed”

Source-based Software Composition Analysis (SCA) can only examine the custom code your team creates. It is blind to binaries provided by third-party vendors and to open source compiled directly into a build.

Clarity takes a different approach. Our Binary SCA provides visibility into your entire software supply chain. By examining the binary, Clarity can identify open source license risk both in vendor code and in the code your team builds.

Insignary Clarity

Maps all open source components to our license database, including file-level license details, to minimize license risks that can be missed by checking only a component's representative license.

Highlights components subject to aggressive copyright license litigation.

Screens third-party developed binaries for potential OSS license compliance violations.
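The distinction the list above draws between a component's representative license and its file-level licenses is what makes binary license screening useful: a package declared MIT can carry a single GPL file, and a vendor binary declared proprietary can contain Apache-licensed code that still needs attribution. The example below is added for illustration only, not Clarity's license database or matching logic; the license policy sets, the scan records and their file paths are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed policy: copyleft licenses can oblige derivative works to be released under
# the same terms, so a file under one of them inside a differently licensed component is
# the highest-priority review item. Identifiers follow SPDX short names.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-2.1-only"}
UNKNOWN = {"NOASSERTION", ""}


@dataclass
class ComponentScan:
    name: str
    declared_license: str          # the "representative" license from package metadata
    file_licenses: Dict[str, str]  # license detected per file inside the component


def license_findings(scans: List[ComponentScan]) -> List[dict]:
    """Flag every file whose detected license differs from its component's declared one."""
    out = []
    for scan in scans:
        for path, lic in scan.file_licenses.items():
            if lic == scan.declared_license:
                continue  # file agrees with the representative license
            if lic in COPYLEFT:
                severity = "copyleft"      # may obligate release of your own code
            elif lic in UNKNOWN:
                severity = "unknown"       # cannot be cleared until identified
            else:
                severity = "mismatch"      # e.g. permissive code needing notices
            out.append({
                "component": scan.name,
                "declared": scan.declared_license,
                "path": path,
                "detected": lic,
                "severity": severity,
            })
    rank = {"copyleft": 0, "unknown": 1, "mismatch": 2}
    out.sort(key=lambda f: (rank[f["severity"]], f["component"], f["path"]))
    return out


# Constructed sample scan results.
SCANS = [
    ComponentScan("libfoo", "MIT", {
        "src/a.c": "MIT",
        "src/compat/b.c": "GPL-2.0-only",   # copyleft file inside an MIT-declared package
    }),
    ComponentScan("vendor-blob", "Proprietary", {
        "lib/x.c": "Apache-2.0",           # OSS inside a vendor binary, needs attribution
        "lib/y.c": "NOASSERTION",          # license could not be determined
    }),
]

if __name__ == "__main__":
    for f in license_findings(SCANS):
        print(f)
```

Ranking copyleft mismatches first reflects the page's point that improperly used restrictive licenses put an organisation's own IP at risk; an unidentified license is ranked next because it cannot be cleared at all until someone determines what it is.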