(English) 2021 will be the year of the automated Software Bill of Materials
Some 80% or more of most application code in modern software comes from dependencies, code referenced and bundled to make a software package work. Dependencies can be direct or transitive, the latter being sort of dependencies of dependencies. Javascript repositories, for instance, have on average 10 direct dependencies and 683 transitive dependencies, GitHub’s 2020 State of the Octo-verse report found.
There’s now a business mandate for increased visibility into the software supply chain that eclipses legal and security teams and now includes, for instance, those responsible for quality assurance, product safety and export compliance. They need visibility into the chain of custody to verify levels of encryption to ensure compliance, or better guard against vulnerabilities in the software running physical products.
Read the full story by Alex Rybak, Director of Product Management at Revenera, here.