In addition to regularly discovered vulnerabilities, malicious components are introduced into open source package ecosystems every day; these can enter a development organization's environment and lead to data theft or loss.
Over 200m: open source projects, with 5+ million ready-to-use packages and 75+ million versions.
x2.5: increase in downloads of open source components in the last year.
x13: increase in the number of known supply chain attacks over the 2022-2023 period (Dependency Confusion, Typosquatting, etc.).
Dependency Confusion
Typosquatting
Namesquatting
Repojacking
Brandjacking
Malicious Code Injection
Data feeds: OSV, NVD CVE, GHSA
Identification and correction of vulnerabilities
We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. The information is supplemented with data on fixed package versions and links to patches and public exploits.
CodeScoring.OSA key features
Filtering of components entering your organization's perimeter based on security risk. CodeScoring plugins are embedded in Nexus Repository and JFrog Artifactory proxy repositories to block malicious or vulnerable components according to the configured security policies.
Flexible security policies
When setting up a policy system, policies can be configured not only on vulnerability severity but also on individual components of the CVSS vector or on CWE. Packages can also be tracked by blacklist, age, author or other criteria.
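The policy model described above, as an added example that is not CodeScoring's own code: a small Python policy engine that evaluates a package against rules on a blacklist, package age, severity, CWE and individual CVSS v3.1 vector metrics. Rule names, field names and the sample values in the comments are assumptions, not the product's configuration format.

```python
# Added example, not CodeScoring's own code: a minimal policy engine of the kind
# described above. Rule format, field names and sample values are constructed.
from dataclasses import dataclass, field
from datetime import date

SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

@dataclass
class Component:
    name: str
    version: str
    published: str                                     # release date, YYYY-MM-DD
    severity: str = "NONE"                             # worst known severity from feeds
    cvss_vectors: list = field(default_factory=list)   # CVSS v3.x vector strings
    cwes: set = field(default_factory=set)             # e.g. {"CWE-502"}

def parse_cvss_vector(vector):
    """'CVSS:3.1/AV:N/AC:L/PR:N/...' -> {'AV': 'N', 'AC': 'L', 'PR': 'N', ...}"""
    prefix, *metrics = vector.split("/")
    if not prefix.startswith("CVSS:3."):
        raise ValueError(f"unsupported CVSS vector: {vector}")
    return dict(m.split(":", 1) for m in metrics)

def has_vector(component, **required):
    # True when any vulnerability on the component carries all the required
    # metric values, e.g. AV="N", PR="N", UI="N" (network, no privileges, no UI).
    return any(all(parse_cvss_vector(v).get(k) == val for k, val in required.items())
               for v in component.cvss_vectors)

def age_days(published_iso, today_iso):
    return (date.fromisoformat(today_iso) - date.fromisoformat(published_iso)).days

def build_policy(blocklist, min_age_days, blocked_cwes, min_block_severity, today):
    """Each rule is (reason, predicate); every matching rule is reported."""
    return [
        ("package is on the blocklist", lambda c: c.name in blocklist),
        ("version published less than %d days ago" % min_age_days,
         lambda c: age_days(c.published, today) < min_age_days),
        ("severity at or above " + min_block_severity,
         lambda c: SEVERITY_RANK[c.severity] >= SEVERITY_RANK[min_block_severity]),
        ("vulnerability in a blocked CWE", lambda c: bool(c.cwes & blocked_cwes)),
        ("network-exploitable with no privileges or user interaction",
         lambda c: has_vector(c, AV="N", PR="N", UI="N")),
    ]

def evaluate(component, policy):
    """Return (allowed, reasons); the proxy admits the component only if no rule matched."""
    reasons = [reason for reason, pred in policy if pred(component)]
    return (not reasons, reasons)
```

Reporting every matching rule rather than stopping at the first gives the triage interface the full list of reasons a component was held back.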
Integration into the CodeScoring platform
The OSA module is fully integrated into the CodeScoring platform and inherits its capabilities: a user-friendly triage interface, policy settings, integrations with email notifications, task management systems and SOAR/ASOC, an extended role model with AD support, and API access.
Supported systems
Integrated into the platform
Configure separate security policies for each stage of the software development lifecycle
Public open source registries
Proxy repositories: checking components in proxy repositories and blocking malicious and particularly vulnerable packages.
Source code control: regular checking of source code that has not yet reached a build, with notification of those responsible; recurring scanning of code and SBoM.
Project build in the CI pipeline: checks within the development pipeline, from scanning the code directory and checking artifacts to scanning images.
Secure product
Request a demo
Here you can request a demo, check pricing, get an educational license, or partner with us.