Table of Contents:
From Software Bill of Materials to Automated Remediation Across your Software Supply Chain
Today we released our expanded Gremlin product offering, complete with the ability to generate a software bill of materials while also automating the remediation of vulnerabilities across your software supply chain – all within your CI build tools, such as GitLab or GitHub.
The World’s Most Complete SBOM
Based on customer feedback, we learned that even though a software bill of materials is a foundational step to understand the risk in your software products – and necessary for sharing with customers what is contained in deliveries to them – not all SBOMs are created equal.
Take compiled code written in C/C++. Whereas most companies derive an SBOM from the software binary, resulting in missing information, RunSafe generates the SBOM during the build process where we have perfect information about what goes into your product.
As a result, whether you need to generate an SBOM, search it for underlying components that may contain vulnerabilities, or need to store and retrieve data for future use, Gremlin creates the most complete SBOM while saving your developers time.
Addressing Open Source Software Vulnerabilities
But that’s not all. Because as much as 60-80% of code in your products come from open source repositories, we learned reducing the attack surface given a complex software supply chain is consuming scarce resources and preventing developers from building new features.
With Gremlin, we incorporated the world’s most efficient and effective automated remediation so developers can ship software with radically reduced attack surface – and no additional work. With RunSafe protections built in, our customers can not only share the most complete SBOM but also highlight how they protected individual components from exploitation.
The Future of Software Supply Chain Security
And we are not done. In the near future, we will roll out additional features for you. We plan to help you gain insights on all the vulnerabilities associated with components in your SBOM, demonstrate how much attack surface you can eliminate with a click of a button, calculate your exposure to any further zero days yet to be discovered, and even alert you when new vulnerabilities are discovered or remediated.
We also believe you will have more ideas on how to enhance the automated management of software supply chain risk without slowing down your developers. Please reach out if you have questions and feel free to start a free trial here. We welcome your feedback.