Request a demo
Please write your contact details and we will contact you soon
Blocking malicious or particularly vulnerable open-source components and preventing them from entering the development pipeline.
Efficient and convenient software supply chain protection
Open Source Analysis
CodeScoring.OSA
Problems solved by CodeScoring.OSA
In addition to regularly discovered vulnerabilities, every day malicious content components are introduced into Open Source package ecosystems that can enter the developer organization's environment and lead to the undesirable consequences of data theft or loss.
> 200m
x2.5
x13
Open source projects with 5+ million ready-to-use packages and 75+ million versions.
Increase in downloads of Open Source components in the last year
Increase in number of known supply chain attacks over the 2022-2023 period: Dependency Confusion, Typosquatting, etc.
Dependency Confusion
Typosquatting
Namesquatting
Repojacking
Brandjacking
Malicious Code Injection
OSV
NVD CVE
GHSA
Identification and correction
of vulnerabilities
of vulnerabilities
We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen of ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. Information is supplemented with data on secure package versions, links to patches and public exploits.
CodeScoring.OSA
key features
key features
Filtering components that enter your organization's perimeter based on security risks. CodeScoring plugins are embedded in Nexus Repository and JFrog Artifactory proxy repositories for blocking malicious or vulnerable components in accordance with configured security policies.
Flexible security policies
When setting up a policy system, you can configure it not only based on the severity of a vulnerability but also by specific components of the CVSS vector or CWE. Additionally, you can track packages using a blacklist, age, author, or other criteria.
Integration into the CodeScoring
platform
platform
The OSA module is fully integrated into the CodeScoring platform and translates its capabilities: a user-friendly triage interface, policy settings, integrations with email notifications, task management systems and SOAR/ASOC, an extended role model with AD support and the ability to use APIs.
OSV
NVD CVE
GHSA
Identification and correction of vulnerabilities
We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen of ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. Information is supplemented with data on secure package versions, links to patches and public exploits.
CodeScoring.OSA
key features
key features
Filtering components that enter your organization's perimeter based on security risks. CodeScoring plugins are embedded in Nexus Repository and JFrog Artifactory proxy repositories for blocking malicious or vulnerable components in accordance with configured security policies.
Flexible security policies
When setting up a policy system, you can configure it not only based on the severity of a vulnerability but also by specific components of the CVSS vector or CWE. Additionally, you can track packages using a blacklist, age, author, or other criteria.
Integration into the CodeScoring
platform
platform
The OSA module is fully integrated into the CodeScoring platform and translates its capabilities: a user-friendly triage interface, policy settings, integrations with email notifications, task management systems and SOAR/ASOC, an extended role model with AD support and the ability to use APIs.
Correction and identification
of vulnerabilities
of vulnerabilities
We collect data from multiple data feeds, including NVD CVE, GHSA, OSV, and more than a dozen of ecosystem feeds. Our process includes de-duplicating records and identifying errors in publicly available data. Private feeds from market experts are available as well. Information is supplemented with data on secure package versions, links to patches and public exploits.
CodeScoring.OSA
key features
key features
Filtering components that enter your organization's perimeter based on security risks. CodeScoring plugins are embedded in Nexus Repository and JFrog Artifactory proxy repositories for blocking malicious or vulnerable components in accordance with configured security policies.
Flexible security policies
When setting up a policy system, you can configure it not only based on the severity of a vulnerability but also by specific components of the CVSS vector or CWE. Additionally, you can track packages using a blacklist, age, author, or other criteria.
Integration into the CodeScoring platform
The OSA module is fully integrated into the CodeScoring platform and translates its capabilities: a user-friendly triage interface, policy settings, integrations with email notifications, task management systems and SOAR/ASOC, an extended role model with AD support and the ability to use APIs.
OSV
NVD CVE
GHSA
Supported systems
Integrated into the platform
Configure separate security policies for each stage of the software development lifecycle
Public registries of OpenSource
Project assembly
in CI pipeline +
in CI pipeline +
Safe
product
product
Source code control
Proxy-repositories
Проверка компонентов в прокси-репозиториях: блокирование вредоносных и особо уязвимых пакетов
Регулярная проверка исходных кодов которые ещё не дошли до сборки и уведомление ответственных. Рекуррентное сканирование кода и SBoM.
Проверка в рамках конвейера разработки: от сканирования директории с кодом, проверки артефактов до сканирования образов
Request a demo
Here you can request a demo, check pricing, get an educational license, or partner with us.
