SCA / SBOM Management
Create comprehensive SBOMs and eliminate security blind spots across the software development lifecycle.
Identify All Dependencies
Fast, universal open source dependency scanning with comprehensive license and vulnerability detection
Fast, universal dependency (OSS) analysis for 30+ languages
Deep, embedded detection for open source and proprietary licenses
Identify CVEs with advanced filtering and prioritization
Zero-configuration, get started instantly
Comprehensive Container Analysis
Industry-leading license compliance scanning and vulnerability detection for container packages and dependencies
Broad support across Debian, Ubuntu, CentOS, Oracle Linux, Fedora, Alpine, and Wolfi base images
Flexible scanning options: Docker images, OCI archives, remote and private registries
Simple CLI integration


Import & Analyze SBOMs
Import and analyze existing Software Bills of Materials (SBOMs) from various sources
Support for industry-standard formats including CycloneDX and SPDX
Deep analysis of imported SBOMs for vulnerabilities and compliance issues
Validation of SBOM completeness and accuracy
Integrated workflow for managing and reviewing imported SBOMs
Complete Binary Composition Analysis
Decompose and analyze binary files, including firmware. Manage associated SBOMs, vulnerabilities, and open source license compliance
1) Decompose and Analyze – Produce an inventory of detected libraries (plus their associated licenses and vulnerabilities) in binary files
2) Reduce Risk – Take action to prioritize and remediate vulnerabilities and ensure distributed binaries include only approved licenses
3) Manage Compliance – Produce SBOMs and license attribution notices that reflect the contents of binary files

Key Benefits
Why do customers select the combined SCA / SBOM Management solution?
Reduce Legal & IP Risk
Stay compliant with open source licenses and avoid IP violations. Seamlessly integrate license scanning into your development workflow to reduce risk and accelerate software delivery
Consolidate Vulnerability Management
Unify all security scanning across your SDLC. Consolidate SCA, BCA, and Container Security into a single solution with FOSSA’s industry-leading dependency scanning and mature security workflows.
Comply with Regulatory Reporting
Generate, manage, and share accurate Software Bills of Materials (SBOMs) to meet regulatory requirements and enhance supply chain security.
SCA / SBOM Management FAQs
CodeSentry is derived from CodeSecure's ground-breaking binary code analysis research. This technology applies binary composition analysis (BCA) and achieves deep component identification, including open source software (OSS), without the need for source code. CodeSentry is suitable for enterprise-wide adoption and offers an extensive set of APIs. CodeSonar supports many popular languages, including C/C++, Java, C#, Kotlin, Python, Go, Rust, JavaScript, and TypeScript.
CodeSentry supports environments across endpoints, embedded systems, firmware, and mobile devices, with operating system support for Windows, Linux, macOS, RTOS, and bare-metal embedded software. Programming language support is provided for C, C++, and Objective-C, with object file compatibility for ELF, PE, and Mach-O. A full list can be found here.
Yes. CodeSentry creates a detailed software bill of materials (SBOM) and lists known vulnerabilities in the detected components including any dependencies.
Yes. CodeSentry can be deployed as a single-tenant SaaS cloud application or as an on-premise solution including being air-gapped if required.
Book a Demo
We’re ready to help you integrate SAST and BCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team.