Winmill Software has announced that Ben DiMolfetta, client solutions architect for Winmill, has won Veracode’s “Best Video Series in Demonstrating Software Composition Analysis (SCA)” video contest. The eight-part video series Ben created summarizes how to use Veracode to run a software composition analysis, analyze the results, and create a trackable ticket for removing cyber attack vulnerabilities.
In the video series developed by Ben, viewers are shown how to use Veracode SCA to generate a software bill of materials that can be used to identify applications that might be vulnerable to cyber attacks. Veracode SCA then makes recommendations for remedying each vulnerability, such as installing a newer version of the software or code. Veracode’s platform also analyzes whether an application is using the correct license.
Ben also created a video showing how this scanning tool can be run in PowerShell utilizing the SCA Agent. Ben’s video shows how to integrate SCA Agent into the JIRA Cloud ticket and process flow. All of this gives developers a more robust set of tools for vulnerability remediation, including the ability to create JIRA tickets or stories that will help developers secure their applications. Software Supply Chains Introduce Vulnerabilities to Cyber Attacks
Today, every organization depends on a variety of applications. Some are created in-house, some are commercial third-party applications, and some are open-source. All of these combined make up what is referred to as the software supply chain.
Forrester reported in 2020 that an average of 75 percent of audited application code bases was open-source applications. This heavy dependence on open-source applications has created a critical need to be able to identify vulnerabilities in these applications and the solutions to those vulnerabilities.
A software bill of materials, created via a software composition analysis, is the best way to protect your software supply chain. Veracode SCA enables you to do this accurately and easily. In partnership with Veracode, Winmill uses its security expertise to help identify software components and dependencies that create vulnerabilities, offer remediation guidance, and actively manage licensing and compliance risks.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
