Scribe Security, a leading software supply chain security provider, announced today a first-of-its-kind advanced security analysis capability that empowers companies to swiftly understand the impact and scope of each security event, revolutionizing the way organizations assess and manage their software security.
Scribe’s platform now aggregates an extensive array of attestations into a vast data lake, offering users a wellspring of security intelligence. This rich data source serves as the foundation for deriving meaningful and actionable security insights in a flexible and customizable manner, effectively discerning the critical signals amidst the noise.
“With this new capability, customers can now easily dissect and customize code security information, such as SBOM, vulnerabilities, integrity, SDLC policies, pipeline events, and more, according to unique preferences, creating tailor-made reports that reveal valuable insights and drive smarter decision-making and mitigation,” said Rubi Arbel, Scribe Security Co-founder and CEO.
This new capability also provides extensive reports for analyzing software components and their vulnerabilities across different projects. These reports help users assess and manage the security and compliance of their software projects. Here are a few of the reports available within the Scribe platform:
Aggregated SBOM: This report allows users to view all packages in their projects’ Software Bills of Materials (SBOMs) and filter them based on criteria such as project name and version. It provides details about components, dependencies, package managers, licenses, vulnerability scores, and more. Users can sort the information by different parameters to identify critical and high vulnerabilities efficiently.
Out-of-Date Components Report: This report assists users in identifying packages with newer versions available, providing essential details for security updates.
Vulnerabilities Report: Offering a detailed overview of vulnerabilities in software components, this report includes severity, dependency information, vulnerability scores, dates, and references to help users assess potential risks.
Compliance Report: This report enables users to assess compliance on a broader scale, offering insights into compliance issues across multiple projects.
Library Reputation Report: Based on the OpenSSF Scorecard project, this report provides valuable information about the reputation of libraries used in projects, helping users make informed decisions to mitigate potential security risks.
Evidence Report: A centralized repository for all evidence collected and uploaded to Scribe Hub, this report allows users to easily access and utilize evidence to enforce policies effectively.
This flexible analysis capability elevates software security analysis to a new level, empowering organizations to make data-driven decisions, enhance security, and ensure compliance across their projects.