CodeSecure and FOSSA Partner to Deliver Single Integrated Platform for Binary and Open Source Analysis

CodeSecure, a leading global provider of application security testing (AST) solutions, and FOSSA, the complete software supply chain platform, today announced a strategic partnership and native product integration that enables organizations to eliminate security blind spots associated with both third-party and open source code.

The partnership integrates CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities into FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).

The CodeSentry-FOSSA integration allows app developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds, providing transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase, when they are easier and more cost-effective to remediate, this integrated platform reduces risk and accelerates secure software delivery.

Open-source software and third-party software components—including libraries, add-ons, drivers, operating system components, and networking code—present unique security challenges. While open source analysis tools are effective for scanning vulnerabilities in accessible source code files, many third-party and infrastructure components are distributed as precompiled binaries. These binaries require specialized BCA to accurately identify embedded vulnerabilities, dependencies, and potential risks. The FOSSA platform with BCA provides unified scanning, which is required to achieve comprehensive software security coverage.

“Modern software applications are constantly growing in complexity and composed of components that developers might not fully control or even see,” said Mike Dager, CEO of CodeSecure. “Our partnership with FOSSA creates a single, cohesive platform that ensures comprehensive visibility into both open source and binary code, allowing teams to confidently manage their software supply chains from development through deployment.”

“Customers expect seamless security insights across the entire software supply chain, including first-party code, open source components, and binaries,” said Kevin Wang, CEO of FOSSA. “Integrating CodeSecure’s market-leading binary analysis capabilities into the FOSSA platform allows our customers to comprehensively inventory and secure their software—eliminating critical blind spots and enhancing their security posture.”

The FOSSA platform, pre-integrated with CodeSecure CodeSentry, addresses the following DevSecOps needs:

  • Comprehensive SBOM Generation: Consolidates insights from both source and binary code analysis to produce accurate, complete software inventories.
  • Early Vulnerability Detection and Remediation: Identifies and helps mitigate vulnerabilities early in the development lifecycle, reducing complexity and cost.
  • Unified Security and Compliance Management: Provides a single source for maintaining software licensing compliance and securing third-party dependencies.
