
DerScanner Launches Software Composition Analysis 2.0 with Unified Threat Prevention Workflow

DerScanner, an application security testing platform, is excited to announce the release of its latest version, which introduces a groundbreaking upgrade to its Software Composition Analysis (SCA) capabilities. The new SCA 2.0 is set to revolutionize how organizations approach open source security by offering a seamless workflow that integrates Software Bill of Materials (SBOM) generation, enhanced vulnerability identification, and effective threat remediation.

Key Features of DerScanner’s SCA 2.0 Module:

  • Integrated SBOM Generator: Simplifies the process of creating detailed SBOMs by eliminating the need for external tools, allowing users to effortlessly generate SBOMs directly within DerScanner.
  • Dependency Tree Graph: Visualizes project dependencies, making it easier to identify and address security vulnerabilities in both direct and transitive dependencies.
  • Hybrid SAST + SCA Analysis: Combines the strengths of SCA and Static Application Security Testing (SAST) to deliver precise vulnerability assessments, including detailed call tracing and execution tracking of vulnerable functions.
  • Confi AI for SCA: Advanced AI-driven algorithms minimize false positives, ensuring that security teams focus on the most critical vulnerabilities, saving time and improving remediation efforts.
  • Enhanced PURL Mapping: Increases accuracy in vulnerability identification by utilizing Package URL (PURL), a more precise mapping method tailored specifically for packages, improving reliability compared to traditional CPE mapping.
  • MavenGate Attack Prevention: Proactively monitors expired domains linked to Maven packages, mitigating the risk of domain hijacking in JVM-based projects.

With these enhancements, DerScanner’s SCA 2.0 module addresses the growing challenges of managing open source security, enabling organizations to confidently secure their software supply chains.

"Now, our customers can confidently continue using open source packages while avoiding security risks. With the new updates, they can seamlessly assess the security of open-source-rich projects all within the unified DerScanner platform," said Dan Chernov, CEO at DerScanner.

In addition to the SCA 2.0 module, the latest release of DerScanner also includes enhancements in Static Application Security Testing (SAST), integrations with DefectDojo for improved SDLC management, and support for new programming languages such as YAML, TOML, Bash, PowerShell, and XML.

 

About DerSecur

Since its inception in 2011, DerSecur has been at the forefront of application security. Its flagship product, DerScanner, represents the pinnacle of security technology, capable of analyzing both source and binary code. DerSecur's team of 70 experts continues to push the boundaries in application security research and development.

 
