Software composition analysis solution for safe operations with open source, license compatibility check and code quality assessment.

Comprehensive platform for secure software development

CodeScoring
Open source code inventory
Analyzing code composition, automatically finding package manager configuration files, identifying direct and transitive dependencies from open source software, generating the Software Bill of Materials.
Solutions That Work
We are committed to delivering new features that enhance security and transparency of your development process. Here are some of the capabilities available.
Supply chain protection
Protecting against malicious components, including compromised packages, and offering policies to prevent attacks on the software supply chain. Integrating with Nexus Repository Manager and JFrog Artifactory Pro.
Vulnerabilities in Open Source
We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. The information is supplemented with data on secure package versions and links to patches and public exploits.
License compatibility
Determining licenses of detected open source components. Checking their compatibility with each other. Monitoring compliance with the organization's licensing policies.
Evaluation of code quality in analyzed products
Analyzing source code for key signs of technical debt, automatically building developer profiles and showing retrospective quality scores over time.
What can CodeScoring do
CodeScoring is installed as an on-premise solution and ensures security at all stages of software development
01 Protection of supply chain
CodeScoring OSA module
Checking and filtering components entering the organization's perimeter based on security risks
Protection against malicious components, including compromised packages
Policies to prevent popular attacks on the software supply chain
Management of detected vulnerabilities
Integration with Nexus Repository Manager and JFrog Artifactory Pro
02 Software composition analysis
CodeScoring SCA module
Software inventory: building an SBoM and dependency graph, integrating checks into the CI pipeline with blocking security and license compatibility policies
Checking open source at every stage of the development cycle
Automatically detecting open source dependencies
Checking Docker images and system packages
Configuring security policies using 30+ criteria
Providing information on detected vulnerabilities and licenses
Graph of component relations
03 Quality analysis
CodeScoring TQI module
Analysis of the organization's proprietary code: determining the composition of developers, assessing quality parameters over time to track operational risks
Analysis of code quality
Building profiles of developers with proven competence in projects
Functionality for internal recruiting
Determining key signs of tech debt
Reports and integration into the development lifecycle
04 Identification of secrets in code
CodeScoring Secrets module
Identification of sensitive information in source code. A machine learning model is applied to reduce the volume of false positives
Secrets identification
Scan configuration management
True positive / false positive markup
Evaluation of findings (ML)
«CodeScoring is suitable for banks, IT companies, telecom operators, healthcare companies, computer security companies and other organizations that care about security and the quality of their products»
Alexey Smirnov, CEO, Profiscope
Profiscope
We have been working with the global open source database since 2011. Since 2019 we have organized the CodeMining conference on source code analysis within OpenDataScience. In January 2021, we released the commercial version of CodeScoring to the secure development tools market.
More than 200m analyzed Open Source projects and libraries
More than 30 experts developing the platform, collecting and analyzing the data on global Open Source and its vulnerabilities
More than 5 years of experience in conducting tech audits and developing in-house code analyzers
Security policies for every phase of development
Check components at each stage of the software development lifecycle; a separate policy can be configured for each stage.
Stages shown: Public OpenSource registries, Proxy repositories, Source code control, Project assembly in CI pipeline, Safe product.
Proxy repositories: checking components in proxy repositories, blocking malicious and particularly vulnerable packages.
Project assembly in CI pipeline: checks within the development pipeline, from scanning the directory with code and checking artifacts to scanning images.
Source code control: regular checks of source code that has not yet reached the build, with notification of those responsible. Recurring scanning of code and SBoM.
Convenient UI
CodeScoring provides a comfortable experience and clear interface to solve your problems
Working with dependencies
We have implemented a handy interactive relationship graph where you can immediately understand the relationships between components and get detailed information on problematic dependencies.
Request a demo
Here you can request a demo, check pricing, get an educational license, or partner with us.