Cycode Adds New Software Bill of Materials Capabilities to Software Composition Analysis Solution
SAN FRANCISCO, June 06, 2023
Cycode, the leading application security platform, today announced the release of Cycode Software Bill of Materials (SBOM), a complementary feature to Cycode’s Next-Gen Software Composition Analysis (SCA) solution.
SBOMs are a standardized, machine-readable inventory of software components and dependencies. Often described as a list of ingredients for your software, SBOMs track the details and supply chain relationships of open-source software and third-party components and their dependencies.
Cycode SBOM helps organizations deliver full transparency into the open source and third-party components that make up their software. The Cycode SBOM report provides a comprehensive inventory of software components used in organizations’ applications and defines the supply chain relationship between components.
Cycode enables the creation of SBOMs with the click of a button, and SBOMs can be generated in either the Linux Foundation’s SPDX format or OWASP’s CycloneDX format. In addition, Cycode SBOM allows organizations to include packages’ vulnerability data in the report so the risk is easy to understand. Finally, Cycode can automatically generate SBOMs from repositories and during the CI/CD build process as part of developers’ workflow. Generating SBOMs at the build stage ensures that organizations have the most accurate SBOM possible.
“By delivering SBOM as an additional feature in our Next-Gen SCA solution, organizations now have full visibility into the open source and third-party components that make up their software,” said Ronen Slavin, co-founder and CTO of Cycode. “Cycode SBOM helps organizations proactively secure their applications and software supply chains with the click of a button, provides greater transparency to downstream customers, and helps organizations meet new federal regulations.”
Cycode also provides the ability to customize SBOMs. SBOMs can be generated for an entire organization or by repository label, a grouping based on the business logic that many organizations already use. All SBOMs can be downloaded in JSON, a lightweight interchange format.
Cycode SBOM identifies open source and third-party components, so organizations can reduce their software supply chain risk.
Cycode’s modern approach to application security enables organizations to effectively secure their cloud-native applications with cost-efficient use of tooling and staff across the SDLC. The Cycode platform makes AppSec tools better through its Knowledge Graph, which provides complete context of the SDLC to improve accuracy and reduce mean time to remediation (MTTR). Cycode merges the top eight AppSec tools into the industry’s most advanced and comprehensive AppSec platform. By correlating data across these tools, Cycode offers new capabilities, such as Pipeline Composition Analysis, which identifies vulnerable dependencies and security issues missed by legacy tools like SCA and SAST across the entire SDLC, pinpoints vulnerable dependency locations, and prioritizes threats by exploitability.