What are you using to do software composition analysis (SCA) scans?

Security Strategy & RoadmapThreat & Vulnerability Management
1.5k viewscircle icon3 Comments
Sort by:
Director of Information Security2 years ago

Vulert, because it doesn't require any installation or access to code.

Lightbulb on1
Director of Information Technology in Education3 years ago

We've looked into a few tools and narrowed down our choices between GitLab and Debricked.

VP, Distinguished Fellow, & Chief Architect in Healthcare and Biotech3 years ago

JFrog Xray is what we are using. 

Content you might like

Do you always test security patches before applying them?

Yes, always28%

Not always but we test most patches57%

No, only certain patches are tested13%

Other (explain your strategy in comments section)

View Results

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles. 

Read More Comments

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

What area(s) do you think your organization should improve to strengthen its cybersecurity posture?

Building an effective incident response plan31%

Educating and training employees on cybersecurity61%

Enforcing password and access management50%

Protecting endpoint devices40%

Integrating security solutions23%

Embracing the cloud9%

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments