Use Open-source with Confidence: the New Supply Chain Security by DerScanner Ensures Safety of Third-Party Components

DerScanner, a complete solution for application security testing, introduces Supply Chain Security. Third-party components downloaded from the Internet may comprise up to 80% of the code volume in an average application. Cyber attackers frequently target these packages, presenting a significant threat to application integrity. The new DerScanner capability validates each open-source package a developer might integrate into their application, ensuring confidence in third-party components.


To equip developers with a reliable measure of component security, DerScanner assigns a reputation score to each verified package, based on several factors evaluated by its AI-powered engine. The score takes into account the author's credibility, the package's popularity and update frequency, the timeliness of security fixes, the package's novelty, and the extent to which the community has reviewed its pull requests. Through this comprehensive assessment, DerScanner gives developers the insight needed to decide whether each third-party package is safe to incorporate into their application's architecture.


As attackers refine their methods, a comprehensive scan of open-source repositories becomes crucial. Vulnerabilities in third-party components pose a substantial threat, potentially granting attackers access to entire applications. Hackers often create clones of popular libraries, publish them under similar names, and embed malicious code into these seemingly benign replicas. These risks are further amplified in large-scale projects, where a single developer using an outdated or unpatched package can inadvertently open the door to cyber-attacks. The new Supply Chain Security capability in DerScanner represents a significant enhancement to traditional Software Composition Analysis, augmenting it to deliver a more robust defense against sophisticated attack scenarios such as zero-day threats.


“The Supply Chain Security capability in DerScanner embodies the authentic spirit of open-source by ensuring its freedom and security. It goes beyond merely identifying known vulnerabilities, proactively alerting developers about possibly compromised packages prior to their integration into applications, thus preemptively shielding against potential harm,” said Dan Chernov, CEO of DerScanner.