Insignary, a leading provider of software supply chain and IT infrastructure security, announced today that Gartner has named it a Representative Vendor in Software Composition Analysis (SCA) in its recent report, “How to Manage Open-Source Security and Compliance Risks.”
According to the report, “Software development using open-source software fosters innovation but poses numerous security and compliance risks.” The report recommends that teams “Uncover OSS risks as early as possible by choosing an appropriate software composition analysis (SCA) toolkit and implementing automated scanning in the DevOps pipeline.”
“We are pleased to be recognized by Gartner in this category,” said Tae-Jin (TJ) Kang, Insignary’s co-founder and CEO. “Open source is hugely beneficial when building and deploying applications, and minimizing security and license risk is critical to organizations.”
Development, security, and IT teams use SCA tools such as Insignary Clarity to identify open-source components and map them to databases of known security vulnerabilities and licenses in order to mitigate risk. Because Insignary Clarity can scan both source code and binaries, teams can build a Software Bill of Materials (SBOM) for the applications they build, for third-party software and components they incorporate into their products, and for IT infrastructure that bypasses the traditional secure development lifecycle.
According to Gartner analyst Mark Driver in the report Emerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management, “An SBOM is foundational to managing the complexity and securability of modern software deployments. And product leaders must meet the growing demand for technology, best practices and solutions to support the delivery of SBOMs.”
“SBOMs are increasingly required by regulatory mandates around the world to bring visibility to supply chain risk,” continued Kang. “The ability to verify SBOMs using binary analysis will be critical to vendors of medical devices, transportation, and critical infrastructure.” Such mandates include NIST’s Secure Software Development Framework (SSDF), the FDA Final Guidance (Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions), Europe’s Cyber Resilience Act (CRA), the Republic of Korea’s SW Supply Chain Security Guidelines, and Japan’s Guide to Implementing the Software Bill of Materials (SBOM) for Software Management.
Copies of the Gartner report are available from Insignary here.
Gartner®, How to Manage Open-Source Security and Compliance Risks, Nitish Tyagi et al., 31 July 2024
Gartner®, Emerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management, Mark Driver, 6 September 2022
GARTNER is the registered trademark and service mark of Gartner Inc., and/or its affiliates and has been used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.