GrammaTech Launches a Software Supply Chain Security Platform

GrammaTech, a leading provider of application security testing products and software research services, announced today the release of the latest version of CodeSentry, which reduces software supply chain security risks such as those exploited in the recent SolarWinds and Codecov attacks, where compromised software was pushed to downstream users. CodeSentry analyzes purchased or commercial off-the-shelf software in seconds to identify program components, produce a software bill of materials (SBOM), and discover zero-day and N-day vulnerabilities.

CodeSentry Binary Analysis

Historically, organizations have relied on software suppliers to handle the security risks associated with the programs they purchase. However, the growing frequency of software supply chain attacks forces enterprises to evaluate and verify third-party software for vulnerabilities that expose them to threats. Because source code for purchased programs is rarely available, binary analysis is the only practical way to extract an SBOM and identify the underlying risks in commercial software products. CodeSentry, which grew out of research conducted for defense and intelligence organizations, offers the following capabilities and benefits:

• Creates a Comprehensive SBOM — binary scanning detects open source and third-party components and returns a security score, component match data, version information, location, and comprehensive vulnerability information, including CVSS scores.

• Detects unknown (zero-day) and known (n-day) vulnerabilities in recognized open source and third-party components.

• Executive Dashboard - provides a risk assessment for software applications based on discovered vulnerabilities, CVSS scores, and key performance indicators (KPIs).

• Advanced reporting – supports compliance audits and risk governance.

• Multiple SBOM formats are available, including the CycloneDX industry standard.

• Flexible deployment — native SaaS application with on-premises deployment as an option.

Top Use Cases

CodeSentry addresses the following issues that both software vendors and enterprises experience:

• IT Vendor Risk Management — minimize corporate risk by evaluating the components and security of commercial off-the-shelf (COTS) programs such as finance, human resources, video conferencing, messaging, and other productivity apps.

• Information Security: establish a strong security posture by evaluating COTS apps for vulnerabilities before deploying them within a department or throughout the business.

• DevSecOps — secure third-party code introduced into the software development life cycle, verifying that it was developed and architected with security across the entire stack.

Availability

GrammaTech CodeSentry 2.0 is now available from GrammaTech and its global business partners.

About GrammaTech

GrammaTech is a global leader in application security testing (AST) solutions, which the world's most security-conscious companies use to identify, measure, analyze, and fix vulnerabilities in software that they create or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation's civil, defense, and intelligence services. GrammaTech is headquartered in Bethesda, Maryland, and has a research and development center in Ithaca, New York. It also publishes Shift Left Academy, an educational resource for software developers.
