Tagged articles
2 articles
Meituan Technology Team
May 26, 2022 · Information Security

Building and Deploying Software Composition Analysis (SCA) for Enterprise Security

The article analyzes the rising threat of open‑source components, explains Software Composition Analysis (SCA) and SBOM generation, outlines the three‑stage process for building an in‑house SCA capability, discusses practical challenges such as data quality and integration, and looks ahead to future standards and open‑source tools.

DevSecOps · NLP · SBOM
37 min read
Continuous Delivery 2.0
Apr 21, 2022 · Information Security

Implementing Dependency Management Guidelines: Tools and Approaches for Software Composition Analysis

The article reviews the fifteen dependency‑management guidelines, discusses how to apply them in practice, and lists both open‑source and commercial tools, including Google’s Open Source Insights, Snyk, WhiteSource, FOSSA, Anchore, OpenSCA, and MurphySec, while also highlighting differing analysis strategies and related research reports.

SCA tools · Software Composition Analysis · dependency management
4 min read