Contrast OSS Helps DevOps Manage and Triage Hidden OSS Library Risk
The adage, “Security teams don’t know what they don’t know,” rings true when it comes to open-source software (OSS) vulnerabilities. Legacy software composition analysis (SCA) tools provide only a point-in-time assessment of open-source components and cannot continuously assess application security (AppSec) throughout the development life cycle. Lack of insight into the many transitive OSS libraries that get pulled into an application during continuous integration/continuous deployment (CI/CD) processes creates enormous visibility gaps in the application layer. Security and development teams often have no insight into whether a given library is actually exercised when the application runs. This creates major backlogs, as DevOps teams cannot efficiently prioritize which vulnerabilities need to be addressed immediately.
As part of the Contrast DevOps-Native AppSec Platform, Contrast OSS helps organizations prioritize critical vulnerabilities by tracking the libraries that applications actually use at runtime. It also provides development and security teams with comprehensive visibility of all OSS components, so they can better understand the depth of risk that library dependencies introduce.