Governance in Software Composition Analysis

Governance in SCA solutions is an often overlooked yet extremely powerful feature set that can significantly improve a company’s supply chain security and legal compliance. Governance, or Governance Policies, consist of the ability to create rules which restrict open source packages based on certain criteria. The result of running these…
SOOS Community Edition is Totally Free!
SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
What is Software Composition Analysis?
Software is only as safe as the code used to build it. Today, more than 90% of all new software is built using open source code, which can carry unknown risks and transitive dependencies. Software Composition Analysis is a critical tool for reducing the risk that comes with third-party packages. SOOS’s Software Composition Analysis (SCA) tools mitigate this…
SOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and we look forward to an even better 2023!
SBOM 101: What is an SBOM? Why are they important?
SBOM stands for “software bill of materials.” At its simplest, an SBOM is a list of “ingredients” that describes the components in a software application. More precisely (per the NTIA), an SBOM is a “complete, formally structured list of components, libraries and modules that are required to build a given piece of software…
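The two ideas above, an SBOM as a structured component list and governance as rules that restrict packages by criteria, meet in practice when a policy is evaluated against an SBOM. The following is an added example, not SOOS code and not the SOOS governance rule set: it reads a small CycloneDX-style JSON document constructed inline (the field names bomFormat, components, name, version, purl and licenses/license/id follow the public CycloneDX JSON schema, but only that subset is handled) and applies a hypothetical policy with four rule kinds (denied licenses, required license declaration, denied packages, minimum versions). Package names, versions, the rule names and the policy itself are assumptions made for the illustration.

```python
"""Evaluate a small governance policy against a CycloneDX-style SBOM.

Added illustration, not SOOS code. The SBOM document, the packages in it
and the policy rule kinds are constructed for this example.
"""
import json

# Constructed sample SBOM (CycloneDX-style JSON); not real project data.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.15",
         "purl": "pkg:npm/lodash@4.17.15",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "WTFPL"}}]},
        {"type": "library", "name": "readline-sync", "version": "1.4.10",
         "purl": "pkg:npm/readline-sync@1.4.10",
         "licenses": [{"license": {"id": "MIT"}}]},
        # No license block at all: a governance policy should flag this.
        {"type": "library", "name": "mystery-lib", "version": "0.1.0",
         "purl": "pkg:npm/mystery-lib@0.1.0"},
    ],
})

# Constructed policy. The rule kinds are assumptions for this example,
# not the names of any vendor's governance rules.
SAMPLE_POLICY = {
    "denied_licenses": {"WTFPL", "AGPL-3.0-only"},
    "require_license": True,
    "denied_packages": {"pkg:npm/left-pad"},        # purl without version
    "minimum_versions": {"pkg:npm/lodash": "4.17.21"},
}


def parse_version(version, width=3):
    """Turn '4.17.15' into (4, 17, 15); pad short versions so that
    '1.3' and '1.3.0' compare equal, and ignore non-numeric suffixes."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts += [0] * (width - len(parts))
    return tuple(parts[:width])


def component_licenses(component):
    """Collect the SPDX ids (or free-form names) declared for a component."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ids.append(lic.get("id") or lic.get("name"))
    return [i for i in ids if i]


def purl_without_version(purl):
    """'pkg:npm/lodash@4.17.15' -> 'pkg:npm/lodash'."""
    return purl.split("@", 1)[0] if purl else ""


def evaluate(sbom_json, policy):
    """Return a list of (component, reason) governance violations."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    violations = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl", "")
        base = purl_without_version(purl)
        ident = purl or comp.get("name", "?")
        licenses = component_licenses(comp)
        if policy.get("require_license") and not licenses:
            violations.append((ident, "no license declared"))
        for lic in licenses:
            if lic in policy.get("denied_licenses", set()):
                violations.append((ident, f"license {lic} is denied"))
        if base in policy.get("denied_packages", set()):
            violations.append((ident, "package is on the deny list"))
        minimum = policy.get("minimum_versions", {}).get(base)
        if minimum and parse_version(comp.get("version", "0")) < parse_version(minimum):
            violations.append((ident, f"version below minimum {minimum}"))
    return violations


if __name__ == "__main__":
    for component, reason in evaluate(SAMPLE_SBOM, SAMPLE_POLICY):
        print(f"{component}: {reason}")
```

Run against the constructed SBOM, the policy reports four violations: lodash is below the minimum version, left-pad is flagged twice (denied license and deny-listed package), and mystery-lib declares no license. A real policy engine would also need to handle CycloneDX license expressions, SPDX-format SBOMs and vulnerability data; this block only shows the rule-evaluation shape.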
SBOMs to Be Required for Software Developers Who Do Business with the Federal Government
In May of 2021, the Biden Administration issued a new and aggressive mandate to all government agencies to ratchet up cybersecurity. As a result, we can expect to see an SBOM requirement for all software developers doing business with the Federal Government. EO 14028, The Executive Order Improving the Nation’s Cybersecurity, is a broad and…
The Executive Order on Improving the Nation’s Cybersecurity is a Game-Changer. Get Ready.
On May 12, 2021, President Biden issued the “Executive Order on Improving the Nation’s Cybersecurity (14028).” It’s a game-changing directive. And, like a lot of federal policy, it’s dense and hard to read, often raising as many questions as it answers. This order is frequently referred to as the Executive Order on Cybersecurity….
ZAP vs. SOOS: Dynamic Application Security Testing Tool Comparison

OWASP’s ZAP is a free, open-source DAST scanner widely used by security professionals around the world to find web application vulnerabilities. SOOS’s DAST scanning abilities are built on ZAP’s foundations, with added features that make automated DAST scanning an affordable and seamless part of your software development cycle. SOOS makes it easy to add DAST to the…
SOOS Partners with RKVST

It’s been a year since US President Joe Biden issued Executive Order 14028, “Improving the Nation’s Cybersecurity”, published after the SolarWinds attack (one of the worst supply chain breaches of the last decade). The executive order provides a set of requirements as well as a timeline for strengthening the security of the apps built and used by…
SOOS Joins The DigitalOcean Wave
DigitalOcean is a cloud computing platform that makes it easy for developers, startups, and SMBs to build and deploy applications at scale. The large tech titans (Amazon, Google, Microsoft) dominate the enterprise market, but DigitalOcean has found its mission and market niche by focusing on the needs of SMBs. DigitalOcean’s platform is known for its simplicity,…