Software compositional analysis solution for safe operations with open source, license compatibility check and code quality assessment.

CodeScoring

Open source code inventory

Analyzing code composition, automatically finding package manager configuration files, identifying direct and transitive dependencies from open source software, generating the Software Bill of Materials.

Solutions That Work

We are committed to delivering new features that enhance security and transparency of your development process. Here are some of the capabilities available.

Supply chain protection

Protecting against malicious components, including compromised packages, and offering policies to prevent attacks on the software supply chain. Integrating with Nexus Repository Manager and JFrog Artifactory Pro.

Vulnerabilities in Open Source

We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen of ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. Information is supplemented with data on secure package versions, links to patches and public exploits.

License compatibility

Determining licenses of detected open source components. Checking their compatibility with each other. Monitoring compliance with the organization's licensing policies.

Evaluation of code quality in
analyzed products

Analyzing source code for key signs of technical debt, automatically building developer profiles and showing retrospective quality scores over time.

What can CodeScoring do

CodeScoring is installed as an on-premise solution and ensures security at all stages of software development

02 Software composition analysis

CodeScoring SCA module

Software inventory: building SBoM and dependency graph, integrating checks into CI pipeline with blocking security and license compatibility policies

Checking open source at every stage of development cycle

Automatically detecting Open Source dependencies

Checking Docker-images and system packages

Configuring security policies using 30+ criteria

Providing information on detected vulnerabilities and licenses

Graph of component relations

03 Quality analysis

CodeScoring TQI module

Analysis of the organization's proprietory code: determining the composition of developers, assessing quality parameters over time to track operational risks

Analysis of code quality

Building profiles of developers with proven competence in projects

Functionality for internal recruiting

Determining key signs of tech debt

Reports and integration into development lifecycle

01 Protection of supply chain

CodeScoring OSA module

Checking and filtering components entering the organization's perimeter based on security risks

Protection against malicious components, including compromised packages

Policies to prevent popular attacks on software supply chain

Management of detected vulnerabilities

Integration with Nexus Repository Manager and Jfrog Artifactory PRO

04 Identification of secrets in code

CodeScoring Secrets module

Identification of sensitive information in source codes. Machine learning model is applied to reduce the volume of false positives

Secrets identification

Scan configuration management

True positive / false positive markup

Evaluation of findings (ML)