FlexNet Code Insight 2018 automates the creation of BOMs, making the software supply chain more secure and transparent
Flexera, the vendor that reinvents the purchase, sale, management and security of software, takes a big step forward in simplifying compliance management and protecting against vulnerabilities in open source software (OSS). FlexNet Code Insight 2018 R2 helps software vendors benefit from a more secure and transparent software supply chain. The new release lets them analyze their software assets and generate a bill of materials (BOM) at the touch of a button.
“FlexNet Code Insight helps publishers take the lead in addressing the real threat across the entire software supply chain,” said Jeff Luszcz, vice president of product management at Flexera. “More than half of the code in commercial software is open source. However, because of the continuing rise in vulnerabilities identified in unmanaged open source code, buyers are unaware of the risks they face. With its ease of use, speed, and insight, FlexNet Code Insight provides the most comprehensive approach by removing OSS-related risks from the software supply chain, while strengthening its composition capabilities.”
Enhanced automation and one-click BOM creation
To be accurate and complete, software composition analysis (SCA) must run on a purpose-built platform that combines automation with open source component detection and issue-resolution workflows. With the new FlexNet Code Insight, vendors can further automate the creation of a BOM that accurately lists the open source components in use. These capabilities have become essential because software supply chains keep growing more complex and because vendors and buyers alike are concerned about safety, security and compliance. With an accurate inventory, problems can be identified and brought under control quickly.
Managing open source components requires a list of the components in use and of those that are known to be vulnerable. FlexNet Code Insight provides deep and comprehensive intelligence on 70,000 vulnerabilities, drawing on information from Flexera’s Secunia Research team and from the National Vulnerability Database (NVD). Vendors can pinpoint the affected items in their inventories, determine the severity of each threat and what action to take, and obtain a clear report on the threats. With this information, Flexera customers can prioritize the highest-risk items and rely on security bulletin data to address them quickly.
Integrations and plugins
Flexera continues to consolidate its dominance in the scanning, compliance and security of open source software. For example, the new FlexNet Code Insight helps organizations seamlessly integrate open source component analysis into their DevOps and agile processes, and take advantage of its integration and remediation capabilities.
With up to 15 native integrations, development teams can easily incorporate OSS scanning into their continuous integration and continuous delivery (CI/CD) pipelines and pull data from other systems. Because code is analyzed as it enters the build, problems can be identified and resolved quickly without delaying the release. When a problem is found, a JIRA work item can be created to track the code cleanup work. Integrations include Jenkins, JIRA ALM, Git, Maven, Gradle, Artifactory, Perforce SCM, Docker, VSTS, GitLab and TeamCity.
“Scanning and analyzing open source software should be the standard process for any software company,” says Luszcz. “That’s exactly what Flexera offers its customers through the deep, native integration of the new FlexNet Code Insight with existing tools and processes. The publisher contributes greatly to the development of secure and compliant software.”