Company is also offering a free SBOM service that allows organizations to detect open source software in third party components and legacy applications
BETHESDA, Md., March 7, 2023 — GrammaTech, a leading provider of application security testing (AST) products and software research services, today announced a new version of its CodeSentry binary SCA platform that is available in three editions. For a limited time, the company is also offering a no cost software bill of materials (SBOM) service that performs an inventory and security vulnerability analysis of applications without access to source code.
Qualified organizations simply register here to provide a binary or artifact to GrammaTech. They will receive a free SBOM report in their preferred format that exposes software supply chain, third party and open source security risks associated with their application.
Unlike source-code SCA tools that only inspect components under development, CodeSentry analyzes the binary that executes to identify all components or vulnerabilities including those contained in post production applications. Since most software vendors use components that contain open source software, CodeSentry identifies second, third and fourth party components regardless of where they enter the software supply chain by analyzing the final binary “as deployed”. This allows organizations to identify vulnerable open source before it is incorporated into released products. Finally, CodeSentry detects and tracks N-day and Zero-day vulnerabilities throughout the software lifecycle, supported by daily updates.
“CodeSentry is now available in three editions which allows customers to choose the application security capabilities that align with their requirements for software inventory, vulnerability assessment or security intelligence,” said Walter Capitani, Director of Technical Product Management for GrammaTech. “Plus, with the SBOM Edition, organizations can inventory their software as a first step in implementing a proactive software supply chain security program to avoid fire drills caused by incidents like Log4j.”
CodeSentry Editions
Each CodeSentry edition offers distinct capabilities to address the scale and maturity needs of an organization:
SBOM Edition: generates a software inventory to identify at-risk open-source components and assess licensing information to avoid compliance violations. Maintaining SBOMs for all applications enables organizations to proactively search for known vulnerable components and avoid the next open source “fire drill” like Log4j.
Security Edition: SBOM Edition capabilities plus identifies component N-Day vulnerabilities, provides security scoring for application risk assessment, assesses exploitability across components, and supports additional deployment and API options.
Advanced Security Edition: SBOM and Security Edition capabilities plus the ability to detect Zero-Day Vulnerabilities, support for advanced scanning to detect advanced N-Day weaknesses, and assess packaging security risk.
CodeSentry Platform Enhancements
In addition to the new tiered offerings, the latest version of CodeSentry features:
- A visualization dashboard that provides a comprehensive overview of artifact scanning and results across the CodeSentry instance
- Software component inventory search that finds vulnerable and exploitable components within or across scans to accelerate incident response and mitigate supply chain risks like Log4j
- Vulnerability intelligence which includes the ability to create a VEX export in CycloneDX format, allowing for easy sharing of vulnerability information
- Enriched security intelligence including new information on more than 2,300 vulnerabilities and 3,800 new components, with daily updates to its vulnerability database
- SBOMs that include a CPE (common platform enumeration) dictionary field and standard machine-readable formats for encoding names of IT products and platforms to help customers meet federal IT security compliance requirements
Availability
The three new GrammaTech CodeSentry editions are available immediately from GrammaTech and its business partners worldwide. The free SBOM service is available here.
Read the blog on Announcing CodeSentry 4.2
About GrammaTech
GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD, a Research and Development Center in Ithaca NY, and publishes Shift Left Academy, an educational resource for software developers. Visit us at https://www.grammatech.com/, and follow us on LinkedIn and Twitter.
CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.