CodeSentry

CodeSentry is our leading Binary Composition Analysis (BCA) solution for building a component inventory, gaining insight into vulnerabilities and software risk, generating SBOMs, supporting vulnerability disclosures, and responding to Software Supply Chain Security (SSCS) risks.


Scan Post-Production Applications, Packages & Containers

Binary Analysis When Source Code Is Not Available

CodeSentry is a binary composition analysis (BCA) solution that identifies open-source components and shared dependencies in binaries, including firmware, containers, and mobile or desktop applications. The resulting component inventory is reported as an SBOM whose entries are mapped to VulnDB, the industry's most complete database of software vulnerabilities. Exploit Prediction Scoring System (EPSS) scores and CISA Known Exploited Vulnerabilities (KEV) Catalog data are also provided to simplify triage of the reported vulnerabilities.

Generate SBOMs in Formats like SPDX & CycloneDX

Outputs in Multiple Formats

CodeSentry delivers the results of a binary scan in industry-standard SBOM formats, making it straightforward to share the discovered components with third-party systems and suppliers. The resulting application intelligence and vulnerability visibility mitigate risk, improve software security, and strengthen enterprise security posture by defending your products against software supply chain attacks.

SBOM entries can be included or excluded using CodeSentry’s component annotation feature, which provides an audit trail for any changes made to the generated SBOM.
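The triage step described above (KEV and EPSS data attached to SBOM entries, plus include/exclude annotations with an audit trail) can be reproduced on the scanner's output with a few lines of Python. The script below is an added example, not CodeSentry code: it reads a CycloneDX document, ranks each vulnerability by KEV membership first, then EPSS probability, then CVSS score, and records any finding that lands on an excluded component in an audit log instead of the ranked list. The SBOM, the KEV set, the EPSS scores, the exclusion annotations and the 0.10 EPSS threshold are all constructed for this example; component refs and vulnerability ids are placeholders, not real CVEs.

```python
"""Triage vulnerabilities from a CycloneDX SBOM by KEV membership and EPSS score.

Added example, not CodeSentry code. The SBOM, KEV entries, EPSS scores and
exclusion annotations are constructed inline so the script runs offline;
component refs and vulnerability ids are placeholders. A real run would load
the scanner's SBOM export and fetch KEV/EPSS data from CISA and FIRST.
"""
import json
from dataclasses import dataclass

# Constructed CycloneDX 1.5 document with placeholder components and ids.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "bom-ref": "pkg:generic/libalpha@1.0", "name": "libalpha", "version": "1.0"},
        {"type": "library", "bom-ref": "pkg:generic/libbeta@2.3", "name": "libbeta", "version": "2.3"},
        {"type": "library", "bom-ref": "pkg:generic/libgamma@0.9", "name": "libgamma", "version": "0.9"},
    ],
    "vulnerabilities": [
        {"id": "VULN-EX-0001", "ratings": [{"method": "CVSSv31", "score": 9.8}],
         "affects": [{"ref": "pkg:generic/libalpha@1.0"}]},
        {"id": "VULN-EX-0002", "ratings": [{"method": "CVSSv31", "score": 7.5}],
         "affects": [{"ref": "pkg:generic/libbeta@2.3"}]},
        {"id": "VULN-EX-0003", "ratings": [{"method": "CVSSv31", "score": 5.3}],
         "affects": [{"ref": "pkg:generic/libalpha@1.0"}]},
        {"id": "VULN-EX-0004", "ratings": [{"method": "CVSSv31", "score": 9.1}],
         "affects": [{"ref": "pkg:generic/libgamma@0.9"}]},
    ],
})

# Constructed enrichment data: a KEV-style set of actively exploited ids and
# EPSS-style probabilities in [0, 1].
KEV_IDS = {"VULN-EX-0002"}
EPSS_SCORES = {"VULN-EX-0001": 0.02, "VULN-EX-0002": 0.41, "VULN-EX-0003": 0.89, "VULN-EX-0004": 0.01}

# Constructed component annotations: bom-refs excluded from the SBOM, each
# with a reason, so the exclusion leaves an audit trail.
EXCLUSIONS = {"pkg:generic/libgamma@0.9": "not linked into shipped binary; vendor-confirmed"}

EPSS_HIGH = 0.10  # triage threshold; an assumption for this example


@dataclass(order=True)
class Finding:
    sort_key: tuple  # compared first: (not in KEV, -epss, -cvss)
    vuln_id: str
    component: str
    tier: str
    cvss: float
    epss: float


def max_cvss(vuln):
    """Highest CVSS rating attached to a CycloneDX vulnerability entry."""
    scores = [r.get("score", 0.0) for r in vuln.get("ratings", [])
              if r.get("method", "").startswith("CVSS")]
    return max(scores, default=0.0)


def triage(sbom_json, kev_ids, epss_scores, exclusions, epss_high=EPSS_HIGH):
    """Return (ranked findings, audit log of (vuln id, bom-ref, reason) exclusions)."""
    sbom = json.loads(sbom_json)
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}' for c in sbom.get("components", [])}
    findings, audit = [], []
    for vuln in sbom.get("vulnerabilities", []):
        vid = vuln["id"]
        cvss = max_cvss(vuln)
        epss = epss_scores.get(vid, 0.0)
        for target in vuln.get("affects", []):
            ref = target["ref"]
            if ref in exclusions:
                audit.append((vid, ref, exclusions[ref]))
                continue
            if vid in kev_ids:
                tier = "KEV"
            elif epss >= epss_high:
                tier = "HIGH-EPSS"
            else:
                tier = "BACKLOG"
            # Known-exploited first, then exploitation likelihood, then severity.
            key = (vid not in kev_ids, -epss, -cvss)
            findings.append(Finding(key, vid, names.get(ref, ref), tier, cvss, epss))
    return sorted(findings), audit


def ranked_ids(sbom_json=SBOM_JSON, kev_ids=KEV_IDS, epss_scores=EPSS_SCORES, exclusions=EXCLUSIONS):
    """Convenience view: [(vuln id, tier), ...] in triage order."""
    findings, _ = triage(sbom_json, kev_ids, epss_scores, exclusions)
    return [(f.vuln_id, f.tier) for f in findings]


if __name__ == "__main__":
    ranked, audit = triage(SBOM_JSON, KEV_IDS, EPSS_SCORES, EXCLUSIONS)
    for f in ranked:
        print(f"{f.tier:10} {f.vuln_id:14} {f.component:16} cvss={f.cvss:<4} epss={f.epss:.2f}")
    for vid, ref, reason in audit:
        print(f"EXCLUDED   {vid:14} {ref:28} reason: {reason}")
```

Note what the ordering does with the constructed data: the CVSS 9.8 finding on libalpha ends up last, behind a CVSS 5.3 finding with a high EPSS score, and the finding on the excluded libgamma never reaches the ranked list but is preserved in the audit log with its reason. That is the point of layering KEV and EPSS over severity: severity alone would have put the 9.8 first.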


Support Broad File Format Coverage

Across Languages, Operating Systems, and Platforms

With support for a wide range of endpoint software archive formats, including self-extracting installers and popular package-manager formats, CodeSentry makes it easy to scan the applications your organization uses every day. Virtual machine, disk, embedded, firmware, and mobile images are also supported.

Key Benefits

Why CodeSentry? The product is designed to reduce time-to-market, identify weak security practices, and provide an accurate SBOM.

Reduce time-to-market

Vendors, contractors, and partners typically provide compiled executables, not source code. BCA analyzes those compiled executables to identify open-source components, then maps the components to our vulnerability database. CodeSentry can also detect detailed operating system versions in order to provide the most accurate risk analysis.

Identify weak security practices

CodeSentry’s Zero-Day Service can detect security issues associated with command and data injection, weak cryptography, race conditions, and many other common weaknesses.

Provide accurate SBOMs to customers

CodeSentry helps keep vulnerable components out of shipped products by producing an accurate SBOM of third-party binary components, so that vulnerable components are identified before release. External and third-party integrations are supported via API and webhook.

With CodeSentry, you can gain critical insights into your software supply chain, including a comprehensive view of your software components and their dependencies. Get a first-hand look at the insights you’ll gain with CodeSentry with our free SBOM offer.


The CodeSentry Difference

What makes CodeSecure’s binary software composition analysis technology better.

  • No Source Code or Build Scripts Required

    Source code is rarely available for third-party components, and is not always available to security teams, even for in-house applications. Binary composition analysis (BCA) can produce an accurate SBOM without access to source code, and doesn’t require complex build information.

  • Views Code “As Deployed”

    Source SCA only sees components “as built”. CodeSentry sees the binary that actually executes, which allows it to identify components or vulnerabilities introduced during compilation and packaging for release.

  • Fewer False Positives

    Source SCA also often lists components that are not in the final build image, generating false positives. CodeSentry can accurately tell whether a component is present in the final product.

  • 4th and 5th Party Coverage

    Direct vendors may use their own third parties for software development – so-called 4th or 5th party code. CodeSentry solves this problem by analyzing the final binary “as deployed”. It identifies open source no matter where it entered the software supply chain.

  • Comprehensive Vulnerability Database

    CodeSentry maps components to the world’s largest and most complete database of vulnerabilities in open-source software projects, built from public and private sources.

  • Vulnerability Detection

    CodeSentry identifies reused components and continuously tracks vulnerabilities in them throughout the software lifecycle. Detecting critical, N-day and 0-day vulnerabilities, as well as misconfigured compiler security features, early and precisely is key to reducing cybersecurity risk and impact.

  • Shift Left and Shift Right

    BCA allows organizations to identify vulnerable open-source software when they evaluate third-party code, well before they incorporate it into their products. BCA is also used as a final check to scan binaries before releasing them to customers or deploying them.

  • Deployment Flexibility

    Organizations building sensitive products need to maintain control over their code bases at all times. CodeSentry is the only BCA solution that can be deployed on-premises. For organizations that prefer lower overhead, a SaaS deployment option is available.

CodeSentry FAQs

CodeSentry is derived from CodeSecure’s ground-breaking binary code analysis research. The technology applies binary composition analysis (BCA) to produce deep component results, including open source software (OSS), without the need for source code. CodeSentry is suitable for enterprise-wide adoption and offers an extensive set of APIs.

CodeSentry supports environments across endpoints, embedded systems, firmware, and mobile devices, with operating system support for Windows, Linux, macOS, RTOS, and bare-metal embedded software. Programming language support covers C, C++, and Objective-C, and object file compatibility covers ELF, PE, and Mach-O.

Yes. CodeSentry creates a detailed software bill of materials (SBOM) and lists known vulnerabilities in the detected components including any dependencies.

Yes. CodeSentry can be deployed as a single-tenant SaaS cloud application or as an on-premises solution, including air-gapped deployments if required.


Book a Demo

We’re ready to help you integrate SAST and BCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to make sure you receive the right solution for your development team.