From Software Bill of Materials to Automated Remediation Across your Software Supply Chain

Posted on June 2, 2023
Author: RunSafe Security

Table of Contents:

From Software Bill of Materials to Automated Remediation Across your Software Supply Chain

The World’s Most Complete SBOM

Addressing Open Source Software Vulnerabilities

The Future of Software Supply Chain Security

 

Today we released our expanded product offering, complete with the ability to generate a software bill of materials while also automating the remediation of vulnerabilities across your software supply chain – all within your CI build tools, such as GitLab or GitHub.

The World’s Most Complete SBOM

Based on customer feedback, we learned that even though a software bill of materials is a foundational step to understand the risk in your software products – and necessary for sharing with customers what is contained in deliveries to them – not all SBOMs are created equal.

Take compiled code written in C/C++.  Whereas most companies derive an SBOM from the software binary, resulting in missing information, RunSafe generates the SBOM during the build process where we have perfect information about what goes into your product.
As a result, whether you need to generate an SBOM, search it for underlying components that may contain vulnerabilities, or need to store and retrieve data for future use, Gremlin creates the most complete SBOM while saving your developers time.

Addressing Open Source Software Vulnerabilities

But that’s not all. Because as much as 60-80% of code in your products come from open source repositories, we learned reducing the attack surface given a complex software supply chain is consuming scarce resources and preventing developers from building new features.

With Gremlin, we incorporated the world’s most efficient and effective automated remediation so developers can ship software with radically reduced attack surface – and no additional work. With RunSafe protections built in, our customers can not only share the most complete SBOM but also highlight how they protected individual components from exploitation. 

The Future of Software Supply Chain Security

And we are not done. In the near future, we will roll out additional features for you. We plan to help you gain insights on all the vulnerabilities associated with components in your SBOM, demonstrate how much attack surface you can eliminate with a click of a button, calculate your exposure to any further zero days yet to be discovered, and even alert you when new vulnerabilities are discovered or remediated.  

We also believe you will have more ideas on how to enhance the automated management of software supply chain risk without slowing down your developers. Please reach out if you have questions and feel free to start a free trial here. We welcome your feedback.

Radically reduce your attack surface