Secure Software Supply Chain

Protecode Supply Chain is a comprehensive Software Composition Analysis (SCA) solution for managing risk in complex software supply chains. Leverage Protecode Supply Chain during procurement and operations to gain visibility into the composition of purchased software, make better buying decisions, and manage the ongoing risk of operating complex systems and software.

The Market Landscape

In order to drive innovation and efficiency, organizations consume various systems and software from numerous suppliers to build, operate, and maintain critical business infrastructure. As businesses continue to demand better, faster technology, systems and software grow increasingly reliant on a complex software supply chain for third-party software components. While this software supply chain presents many advantages, it also presents many challenges and must be managed with security in mind:

  • Software As A Patchwork: Virtually all software is built with the help of third-party components, including free and open source software (FOSS), commercial off-the-shelf (COTS) code, and internally developed components, which are rarely sourced with security in mind and often contain vulnerabilities.
  • Deferred Accountability: Consumers of software and systems falsely assume that security and robustness are upstream responsibilities, and so bear the risk of an unchecked software supply chain.
  • Ground Zero For Attacks: Vulnerable third-party software and components represent weak links in an organization’s software supply chain that provide a point of entry for attacks.

Product Overview

Protecode Supply Chain is a binary and run-time code analysis platform that addresses the challenges of an increasingly complex and fragmented software supply chain. Protecode Supply Chain performs a quick analysis to identify third-party or open source components, their known vulnerabilities, their software licenses, and other risk-related information. Because Protecode Supply Chain analyzes the binary code, it can scan practically any software and system, including desktop and mobile applications, embedded system firmware, and more.

Key Features

  • Scan Virtually Any Software or Firmware in Minutes. Gain visibility into essentially any software or firmware, including desktop and mobile applications, embedded system firmware, virtual appliances, and more.
  • No Source Code Required. Simply upload the software you want to assess and Protecode Supply Chain performs a thorough binary or run-time analysis in minutes. This black box technique emulates an attacker’s approach to detect vulnerabilities.
  • Comprehensive Bill of Materials. Identify and catalog all third-party software components and licenses.
  • Manage Your Risk Profile. Diagnose software health by identifying known vulnerabilities and licensing obligations within software components.
  • Proactively Combat Code Decay. Receive alerts for newly discovered vulnerabilities that affect previously scanned software.
  • Flexible Delivery Model. Available as a cloud-based service or on-premises appliance.

Protecode Supply Chain At-A-Glance

The power and versatility of Protecode Supply Chain are balanced by its intuitive user interface and ease of use.

Dashboard Summary

Protecode Supply Chain has an interactive dashboard that provides a high-level overview of scanned software’s composition and overall health. The summary includes: 

  • Software Bill of Materials (BOM) that includes third-party components & libraries
  • Vulnerability Assessment
  • Open source licenses report

Software Bill Of Materials

Protecode Supply Chain provides detailed information about each identified component, including versions, location, license obligations, known vulnerabilities, and more. 

Protecode Supply Chain cross-references the NIST National Vulnerability Database (NVD) and uses an advanced proprietary engine to provide enhanced, relevant information about each vulnerability, including the CVE identifier and severity.