March 2022 by Marc Jacob

Invicti Security™ announced its software composition analysis offering, purpose-built to support companies in tracking, scanning, and securing the open-source components within their applications.

With every company now a software company, developers are under more pressure than ever to rapidly release innovative features and functionality that help them maintain speed to market. Because of this, usage of open-source components has soared over the past half-decade. According to ESG, 80% of organizations report that more than a quarter of their codebases are dependent on open source.

However, according to the same research from ESG, less than half of organizations (48%) have specific security controls to scan for open-source vulnerabilities. Because open-source software has a distributed development model, it can inadvertently introduce significant vulnerabilities that in-house teams may miss.

Invicti SCA was developed to help teams mitigate open-source risks without impeding their pace of innovation. It does so by:

Detecting all open-source components and where they are in use across the entire application portfolio

Providing remediation guidance when a vulnerability is identified and identifying the most up-to-date version of the software to prevent vulnerabilities from being introduced into production

Blending DAST + IAST and SCA so that test coverage is maximized in a single scan, enabling comprehensive analysis of the application’s security risk posture in a single pane of glass

Invicti is the only company that offers DAST, IAST and SCA testing in one scan and provides consolidated results. With a shortage of security skills and the need to rapidly release new functionality, customers can integrate the Invicti platform into their CI/CD pipeline, ticketing systems, and other development tools once and get a comprehensive view of their application security risk before it goes into production.

Invicti SCA is now generally available for PHP, Node.js, Java, and .NET applications.

1 ESG Research Report, Securing Modern Application Development Environments, December 2020




