What are you using to do software composition analysis (SCA) scans?

Secure Code & Automation (DevSecOps)Threat & Vulnerability Management
1.5k viewscircle icon3 Comments
Sort by:
Director of Information Security2 years ago

Vulert, because it doesn't require any installation or access to code.

Lightbulb on1
Director of Information Technology in Education3 years ago

We've looked into a few tools and narrowed down our choices between GitLab and Debricked.

VP, Distinguished Fellow, & Chief Architect in Healthcare and Biotech3 years ago

JFrog Xray is what we are using. 

Content you might like

Does your org encourage employees to opt out of data sharing with their personal mobile provider?

Yes47%

Only for employees using personal devices for work37%

No12%

Don't know / show results2%

View Results

Are any social media apps banned on your corporate devices?

Yes, multiple30%

Yes, one37%

No27%

Don't know3%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?