SCA: Securing Modern SDLCs with Pipeline Composition Analysis

categories icon Webinar

The first incarnation of software composition analysis (SCA) technologies came out in 2002 when dependencies were a relatively minor part of software development. Much has changed in 20 years, and modern applications are made up of 90% third-party code. Today, dependencies exist across all phases of the SDLC, not just in application code. Furthermore, the increasing number of dependencies in each application, combined with much faster release cycles, has led to many more vulnerabilities to fix with far less time for mitigation. Yet, traditional SCA technologies remain focused solely on dependencies in application code and fail to deliver the agility or speed that modern security teams need to prioritize and fix emerging threats.

Pipeline Composition Analysis (PCA) advances dependency security in several key ways to benefit modern SDLCs. First PCA identifies vulnerabilities inside the application’s code as well as in the software delivery pipeline itself. Next, PCA understands the entire SDLC, not just the development phase, which enables PCA to prioritize remediation based on runtime exploitability. Additionally, PCA traces deployment paths to identify where vulnerability dependencies exist in production environments such as specific Kubernetes pods. Thus, PCA gives security teams the breadth to secure all of their dependencies, the knowledge to focus on the riskiest threats and the speed to quickly react to ever increasing volume of CVEs.

This webinar covers:

  • The evolution of software dependency security
  • Modern dependency security challenges
  • Why existing SCA technology cannot solve the challenges
  • The technology requirements of Pipeline Composition Analysis
  • Pipeline Composition Analysis benefits

Presented by:

Orion Cassetto
Orion Cassetto
Sr. Director of Product Marketing
Julie Peterson
Julie Peterson
Sr. Product Marketing Manager


To access the resource please complete the form

By submitting this form I agree to be contacted by Cycode, and receive occasional offers & product updates via phone or email in line with Cycode's Privacy Policy.