Lineaje Reinvents Supply Chain Security with New Capabilities

New capabilities deliver full-lifecycle protection and automated control of critical software

Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations protect their critical software. The release includes Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a powerful software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages. This release empowers organizations to proactively address the escalating risks of software supply chain attacks by providing comprehensive, automated security across the entire software lifecycle.

The latest enhancements to Lineaje’s full-lifecycle software supply chain security offerings are purpose-built to solve organizations’ most pressing challenges. Lineaje AI Labs research shows that 90% of modern applications incorporate open-source packages. Notably, 95% of vulnerabilities in applications originate from these open-source dependencies. This creates a significant challenge for developers, as DevSecOps prioritization often changes faster than their ability to address prioritized risks. Consequently, developer teams are frequently overwhelmed with vulnerability backlogs, tasked with fixing code they didn’t build and required to deliver compliant software. The Enterprise Strategy Group report, The Growing Complexity of Securing the Software Supply Chain (May 2024), also reveals that 91% of organizations faced software supply chain incidents in the past 12 months, resulting in serious impacts.

By combining Lineaje AI’s innovative agentic AI, Gold Open Source and enhanced scanning with SCA360, organizations can eliminate software supply chain vulnerabilities and reduce complexity and confusion for teams across software production and security processes.

Lineaje Agentic AI Enables Self-Healing Source Code and Containers

Kicking off the new capabilities, Lineaje’s agentic AI autonomously finds and fixes software supply chain security risks – allowing code and containers to self-heal. The AI agents make comparing versions simpler, generating reports easier and analyzing and searching faster. Additionally, they make compatibility analysis at scale possible.

New source code and container self-healing capabilities operate continuously at scale across an entire software factory, fixing thousands of containers and hundreds of source-code repositories – dramatically reducing developer pain and effort in risk mitigation.

  • Self-Healing Code continuously scans source code repositories, detects security issues, including common vulnerabilities and exposures (CVE), finds compatible updates for direct dependencies in the source code and fixes them automatically after approval. This creates a culture of trust, eliminating the need for developers to find and fix vulnerabilities themselves across complex dependency chains. Developer productivity will ultimately increase with a focus on innovation rather than maintenance.
  • Self-Healing, Application-Aware, Secure Containers find and fix vulnerabilities in all layers of a container, automatically generating new container clones that are guaranteed compatible and more secure by default than those being deployed. This enables DevOps and DevSecOps to ensure vulnerability remediation just before deployment.

“As developers increasingly utilize third-party and open-source software to save time as they develop their applications, security teams face challenges with software supply chain security. And the complexity of the software supply chain will continue to grow as developers utilize AI to further increase their productivity. It is exciting to see Lineaje apply agentic AI to automatically scan and remediate vulnerabilities in open-source software, source code, and containers to help organizations manage software supply chain risk, as this technology holds the promise of creating self-healing systems to alleviate security teams from the challenges of supporting rapidly scaling software development,” said Melinda Marks, Practice Director, Cybersecurity for Enterprise Strategy Group.

Gold Open Source Delivers Safe, Transparent Open-Source Packages and Images

Further enabling autonomous and effective full-lifecycle software supply chain security, Gold Open Source allows organizations to source high-integrity, safe, transparent open-source packages and images. Gold Open Source includes:

  • Lineaje Gold Open Source Packages are free of critical, high and exploitable vulnerabilities, with pre-attested lineage. They provide complete transparency with more than 100 attributes for each package and its transitive dependencies. Available as a subscription that seamlessly plugs into existing enterprise software supply chain infrastructure, Gold Open Source includes the most popular packages used by organizations, with over 3 million vulnerability-free, fully-attested Gold Packages already available. Also powered by Lineaje AI, Gold Open Source now tracks over 408 billion open-source security data points, including vulnerabilities, licenses, geo-provenance, maintainability, code quality, contributors, etc.
  • Lineaje Gold Open Source Images are built to the same rigorous standards as Gold Open Source Packages, guaranteeing consistent security, reliability and governance. Gold Open Source Images provide organizations with a catalog of over 2,000 vulnerability-free, fully-attested Gold Images, covering the most popular images used in enterprise environments. Leveraging Lineaje AI’s powerful capabilities, developers can now generate custom Gold Images on demand by specifying an existing public container image. Lineaje AI then automatically creates a compatible, hardened Gold Image and adds it to all Gold Open Source Image subscriptions, streamlining the securing of containerized applications.
  • Premium Gold Open Source addresses the risks posed by unfixed, unmaintained, and incompatible open-source packages. Lineaje AI Labs data shows that over half of all open-source packages are abandoned. This capability empowers developers to automatically create more secure, app-aware images, ensuring application stability and security.

Contextualize and Discover Software Risks with Safe, Unified SCA360

Lineaje has also introduced SCA360, a new contextual risk analyzer. SCA360 unifies Lineaje’s software crawling and analysis engines and scans source code, artifact repositories and containers. With pre-deployed scanners to identify software supply chain security risks at every stage of software development, SCA360 provides deeper context than ever, enabling centralized risk prioritization and remediation planning for attack surface reduction. Features include:

  • Safe Scanning scans private source code, artifact repositories, and container images within an organization’s security boundaries, ensuring critical and proprietary IP remains fully protected and never leaves the environment, unlike existing SaaS-based AppSec and SCA tools. Critical software, whether source code or containers, should never leave an organization’s boundary, even under the pretext of security.
  • The Deep Dependency and Reachability Scanner takes advantage of Lineaje’s unique ability to enumerate all dependencies, including static dependencies, to derive mandatory and optional dependency chains and their inherent risks. It is coupled with a new static code analysis engine that detects reachable vulnerabilities and linked functions, providing deeper transitive dependency visibility than other reachability scanners.
  • The Malware Scanner detects embedded malicious and tampered packages, highlighting those of dubious origin.

“As a food delivery service, our entire business model rests upon the success of our software. A faulty component or vulnerability could potentially disrupt thousands of deliveries daily, impacting our revenue, customer satisfaction, reputation with partners, which could impact our employees and customers,” said Pippin Wallace, senior security engineer at Favor Delivery. “We required a solution to proactively address these risks and protect our business. Lineaje’s SCA360 helps us manage security risks by scanning all software in our delivery platform, ensuring that everything can stay secure. It helps our developers focus on serving up more value to our partners and end users by fixing issues before they become bigger threats.”

Lineaje Full-Lifecycle Security: Addressing Today’s Software Supply Chain Challenges

With broad-ranging capabilities and the ability to easily integrate with other strategic tools from Lineaje, organizations can now adopt full-lifecycle software supply chain security for their critical software. This ultimately achieves self-healing software supply chains that simplify security and maximize innovation.

“Full-lifecycle software supply chain security capabilities enable organizations to deliver transparently secure software. Our new Agentic AI capability in Lineaje AI, combined with Gold Open Source and SCA360, enables organizations to eliminate software supply chain risks while dramatically reducing developer, DevOps, and DevSecOps overhead and chaos created by existing AppSec tools,” said Javed Hasan, co-founder and CEO of Lineaje.

Business Wire
