SCANOSS Announces Vulnerability Checking for SBOMs as a Free Service
SCANOSS has made a massive data contribution to the open source community that will allow anyone to check their software bill of materials (SBOM) against known vulnerabilities, freely, securely and anonymously.
SCANOSS, a leading provider of software composition analysis (SCA) and open source intelligence, has announced the release of its CPE to PURL (Package URL) relations as open source. This move will allow organizations to keep track of known vulnerabilities in any of their SBOMs (Software Bills of Materials) securely, anonymously and free of charge. The ability to identify and track dependencies accurately is a prerequisite for assessing the security and compliance of an organization's software assets.
CPE (Common Platform Enumeration) is a standardized naming scheme for IT products and platforms, including operating systems, applications, and hardware. Vulnerability databases such as the NVD (National Vulnerability Database) record which CPE names, and which version ranges, each CVE (Common Vulnerabilities and Exposures) entry affects, so an organization that knows the CPE for each open source component it uses can look up the known vulnerabilities for that component. Tracking dependencies at this level is what makes it possible to tell which components need patching and to demonstrate compliance.
PURLs (Package URLs), on the other hand, identify software packages by the ecosystem that distributes them, in the form pkg:type/namespace/name@version (for example pkg:npm/lodash@4.17.21), and they are the identifiers components usually carry in an SBOM. Package names and CPE vendor/product names do not line up by any convention, so a relation table linking CPEs to PURLs is what lets a tool go from the packages listed in an SBOM to the CPE names under which their vulnerabilities are recorded, and check whether they are running the most up-to-date versions. An SBOM is the complete inventory of the components in a software application; the known vulnerabilities for each component are found by matching its identifiers against a vulnerability database, which is the step the CPE to PURL relations enable.
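The matching described above, as an added example that is not SCANOSS code and does not use its data format: an SBOM's purls are parsed, resolved through a CPE relation table to a vendor/product pair, and then compared against vulnerability records keyed by CPE 2.3 match strings with NVD-style version bounds. The relation table, the vulnerability records (with placeholder CVE identifiers), and the sample SBOM are all constructed for the example.

```python
"""Match the component purls in an SBOM to vulnerability records keyed by CPE.

Added example; everything below is constructed for illustration and is not the
SCANOSS data set or its file format.
"""
import re
from urllib.parse import unquote

# Constructed CPE-to-PURL relations: (purl type, namespace, name) -> (vendor, product).
# A real relation table is many-to-many; this lookup keeps one CPE per purl for brevity.
PURL_TO_CPE = {
    ("npm", "@acme", "widgets"): ("acme", "widgets"),
    ("maven", "com.acme", "logger"): ("acme", "logger"),
    ("pypi", None, "acme-auth"): ("acme", "auth"),
}

# Constructed vulnerability records with placeholder IDs, in the NVD "configurations"
# shape: a CPE 2.3 match string plus optional version-range bounds.
VULN_RECORDS = [
    {"id": "CVE-0000-0001", "criteria": [
        {"cpe": "cpe:2.3:a:acme:widgets:*:*:*:*:*:node.js:*:*",
         "versionEndExcluding": "4.17.21"}]},
    {"id": "CVE-0000-0002", "criteria": [
        {"cpe": "cpe:2.3:a:acme:logger:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "2.0", "versionEndExcluding": "2.15.0"}]},
    {"id": "CVE-0000-0003", "criteria": [
        {"cpe": "cpe:2.3:a:acme:auth:1.4.2:*:*:*:*:*:*:*"}]},
]


def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[4:].lstrip("/").split("#", 1)[0].split("?", 1)[0]
    # The spec percent-encodes '@' inside namespace and name (npm scopes become
    # %40scope), so the last literal '@', if any, always separates the version.
    if "@" in body:
        path, version = body.rsplit("@", 1)
        version = unquote(version)
    else:
        path, version = body, None
    segs = path.split("/")
    namespace = "/".join(unquote(s) for s in segs[1:-1]) or None
    return {"type": segs[0].lower(), "namespace": namespace,
            "name": unquote(segs[-1]), "version": version}


def parse_cpe(cpe):
    """Split a CPE 2.3 formatted string on unescaped colons into its 11 attributes."""
    fields = re.split(r"(?<!\\):", cpe)  # a literal ':' inside a value is written '\:'
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    names = ["part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other"]
    return dict(zip(names, fields[2:]))


def version_key(v):
    """Order dotted versions numerically; non-numeric parts sort after numbers."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", v))


def criterion_matches(criterion, vendor, product, version):
    """True when the component (vendor, product, version) falls inside one criterion."""
    cpe = parse_cpe(criterion["cpe"])
    if cpe["part"] != "a" or (cpe["vendor"], cpe["product"]) != (vendor, product):
        return False
    if version is None:
        return True  # an unversioned component cannot be cleared, so report it
    v = version_key(version)
    # '*' is ANY; any other value (including NA, '-') must equal the component version.
    if cpe["version"] != "*" and version_key(cpe["version"]) != v:
        return False
    bounds = [("versionStartIncluding", lambda b: v >= b),
              ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b),
              ("versionEndExcluding", lambda b: v < b)]
    return all(ok(version_key(criterion[k])) for k, ok in bounds if k in criterion)


def find_vulnerabilities(sbom):
    """Return {purl: [record ids]} per component; None when no CPE relation is known."""
    findings = {}
    for component in sbom["components"]:
        purl = component["purl"]
        p = parse_purl(purl)
        relation = PURL_TO_CPE.get((p["type"], p["namespace"], p["name"]))
        if relation is None:
            findings[purl] = None  # unmapped is "not checked", which is not "clean"
            continue
        vendor, product = relation
        findings[purl] = sorted(
            rec["id"] for rec in VULN_RECORDS
            if any(criterion_matches(c, vendor, product, p["version"]) for c in rec["criteria"]))
    return findings


SAMPLE_SBOM = {  # constructed CycloneDX-style inventory
    "bomFormat": "CycloneDX",
    "components": [
        {"purl": "pkg:npm/%40acme/widgets@4.17.20"},  # below the fixed version
        {"purl": "pkg:maven/com.acme/logger@2.15.0"},  # exactly at the end-excluding bound
        {"purl": "pkg:pypi/acme-auth@1.4.2"},          # exact-version criterion
        {"purl": "pkg:pypi/acme-auth"},                # no version: cannot be cleared
        {"purl": "pkg:cargo/acme-unknown@0.1.0"},      # no CPE relation known
    ],
}

if __name__ == "__main__":
    for purl, ids in find_vulnerabilities(SAMPLE_SBOM).items():
        print(purl, "->", "no CPE relation" if ids is None else (ids or "clean"))
```

Two design choices matter in practice: a component with no version is reported against every record for its product rather than silently passed, and a purl with no CPE relation is returned as "not checked" rather than an empty list, because an SBOM checker that cannot resolve a package has not cleared it.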
The release of CPE to PURL relations as open source will have several benefits for organizations. First and foremost, it will allow them to more easily track and manage the dependencies in their software applications, ensuring compliance with industry regulations and minimizing the risk of security vulnerabilities. It will also enable organizations to more easily share information about their software assets with other parties, such as suppliers and customers.
In addition, because the CPE to PURL relations are open source, organizations can correct and extend the mappings to cover the components and ecosystems they depend on, rather than waiting on a vendor to do so, and can feed those additions back to the community.
Overall, the release of CPE to PURL relations as open source by SCANOSS is a significant development for organizations looking to more effectively track and manage the dependencies in their software applications. It will enable them to ensure compliance with industry regulations, minimize the risk of security vulnerabilities, and more easily share information with other parties. The ability to connect CPEs to known vulnerabilities listed in the CVE database is particularly important for ensuring the security and compliance of an organization’s software assets.