Revenera Provides Engineering and Legal Teams with Insights to Manage Enterprise Open Source Usage
Expanded SCA Functionality Delivers a Complete Software Bill of Materials (SBoM) for Open Source Compliance
Itasca, IL - December 2, 2020 - Revenera, producer of leading solutions that help technology companies build better products, accelerate time to value and monetize what matters, announces new functionality in its Software Composition Analysis (SCA) solution focused on delivering a complete and accurate Software Bill of Materials (SBoM).
Recognizing that the software supply chain continues to mature and in response to the rise in required standards and regulations around the use of open source software, Revenera has added major functionality to its Revenera Code Insight product to support companies that build and sell software. “You’d think that software suppliers are aware of the open source components they use, but in audits conducted by Revenera we see that companies are only aware of less than 6% of open source components they’re using. Revenera is uniquely positioned to support companies who are right now feeling increased pressures from their customers and stakeholders to produce an SBoM,” said Nicole Segerer, vice president of product and marketing at Revenera. “Code Insight helps software companies meet industry standards. It provides an accurate, complete inventory of what open source components are used in their products, and helps suppliers understand any associated compliance and security risks.”
In the last few years alone, the industry has seen increased movement on requirements for software vendors. These include guidance not just to manage open source and its risk, but to be able to disclose a list of components, complete with software supply chain partners. New regulations and guidance, issued by organizations such as PCI, MITRE, NTIA, the FDA, and the Open Web Application Security Project (OWASP), place increased responsibility on organizations to:
- Maintain an up-to-date SBoM of all open source software components used in their applications,
- Follow a process to identify security vulnerabilities within all open source software components,
- Monitor existing open source components used in their applications for new security vulnerabilities, and
- Implement a policy and patching process to remediate impacted open source software components.
“Software Composition Analysis is a very important component of the DevOps process,” said Alex Rybak, director of product management at Revenera. “Many see SCA strictly as a security function, which is not a complete picture. We’re excited to see more adoption of specific SCA processes in the software development lifecycle.”
Revenera added new functionality to provide customers with a complete picture of open source inventory, project hierarchies, and the ability to scan and connect multiple projects and branches of projects in a hierarchy. Code Insight gives suppliers the ability to create an SBoM for their software products, track it over time, and to completely manage the chain of custody.
Key enhancements to the solution include:
- Unified projects to support combined views of pre-build source code inventory along with build artifacts including direct and transitive dependencies.
- Project hierarchy support to accurately model complex software applications consisting of multiple re-usable modules, often developed by different teams.
- A new global inventory view that supports (1) a complete indented SBoM giving the top-down view of a software application, and (2) custom multi-criteria queries that display inventory items (SBoM elements) of interest across the organization. These queries can be used to locate specific components, licenses and/or security vulnerabilities, showing where they are used across the organization and the potential impact of a security issue on internal applications.
- Project branching support to allow development teams to keep Code Insight synchronized with code repositories as applications are released or new branches are created throughout an application’s lifecycle.
- Inventory provenance to manage open source chain of custody.
- Custom reporting and detector frameworks that further extend Code Insight’s flexibility.
Revenera’s strategy is confirmed by leading analysts in the space who discuss the impact of hidden costs related to open source use and the subsequent requirements for software suppliers to improve their operational excellence and remove risk from their business. According to Jim Mercer, Research Director at IDC, a leading provider of global IT research and advice, “Organizations should realize that when OSS components are included in their application code, they implicitly inherit all the subsequent components used by those components as well as the transitive/indirect dependencies. To ensure that they are protected from known common vulnerabilities and exposures (CVEs), organizations need to track direct and indirect software components using a software bill of material (SBoM).”*
* IDC Analyst Brief, Sponsored by Revenera, Addressing the Hidden Cost of Embedding Open Source Software, #US46977220, November 2020.
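The IDC point above, that an application inherits every transitive dependency of the components it includes, is easy to demonstrate. The following is an added example written for this page; it is not Revenera or Code Insight code. It walks a constructed dependency graph for a fictional application, compares the direct-only view with the full transitive view against a constructed advisory list (component names and advisory ids are placeholders, not real packages or CVEs), and renders the indented SBoM with the path through which each component was pulled in.

```python
"""Added example: tracking direct vs. transitive components in an SBoM.

All data below is constructed for illustration. Component names and
advisory ids are placeholders and do not refer to real packages or CVEs.
"""
from collections import deque

# Constructed dependency graph: component -> components it pulls in.
# Only the children of "example-app" are direct dependencies; everything
# deeper is inherited transitively.
DEPENDENCIES = {
    "example-app": ["web-framework", "json-lib"],
    "web-framework": ["http-parser", "template-engine"],
    "template-engine": ["markup-sanitizer"],
    "json-lib": [],
    "http-parser": [],
    "markup-sanitizer": [],
}

# Constructed advisory feed keyed by component (placeholder ids).
ADVISORIES = {
    "markup-sanitizer": ["EXAMPLE-ADV-0001"],
    "json-lib": ["EXAMPLE-ADV-0002"],
}


def direct_components(root, graph=DEPENDENCIES):
    """The view a team has if it only records what it declared itself."""
    return set(graph.get(root, []))


def transitive_components(root, graph=DEPENDENCIES):
    """Breadth-first walk of the whole graph below root.

    Returns {component: path}, where path is the chain of components from
    root down to it. Keeping the path is what lets an SBoM record provenance
    (which direct dependency introduced a given indirect one).
    """
    seen = {}
    queue = deque((child, [root, child]) for child in graph.get(root, []))
    while queue:
        comp, path = queue.popleft()
        if comp in seen:  # already reached by a shorter path; also breaks cycles
            continue
        seen[comp] = path
        for child in graph.get(comp, []):
            if child not in seen:
                queue.append((child, path + [child]))
    return seen


def affected(components, advisories=ADVISORIES):
    """Match a set of components against the advisory feed."""
    return {c: advisories[c] for c in components if c in advisories}


def indented_sbom(root, graph=DEPENDENCIES, depth=0, path=()):
    """Top-down indented SBoM, one line per edge (a component shared by two
    parents appears under each, as in a nested bill of materials)."""
    lines = [f"{'  ' * depth}{root}"]
    for child in graph.get(root, []):
        if child in path:  # guard against cyclic metadata
            continue
        lines.extend(indented_sbom(child, graph, depth + 1, path + (root,)))
    return lines


if __name__ == "__main__":
    direct = direct_components("example-app")
    transitive = transitive_components("example-app")
    print("\n".join(indented_sbom("example-app")))
    print("advisories seen with direct-only tracking:", affected(direct))
    print("advisories seen with full SBoM:", affected(transitive))
    for comp, path in transitive.items():
        if comp in ADVISORIES:
            print(f"{comp} reached via {' -> '.join(path)}")
```

Run stand-alone, the direct-only view reports one advisory while the full walk reports two; the second one is attached to `markup-sanitizer`, which the application never declared and only reaches through `web-framework` and `template-engine`. That gap between declared and inherited components is the reason the quote asks for direct and indirect tracking in one bill of materials.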
Revenera helps product executives build better products, accelerate time to value and monetize what matters. Revenera’s leading solutions help software and technology companies drive top line revenue with modern software monetization, understand usage and compliance with software usage analytics, empower the use of open source with software composition analysis and deliver an excellent user experience—for embedded, on-premises, cloud and SaaS products. To learn more, visit www.revenera.com.