What are you using to do software composition analysis (SCA) scans?

Security Strategy & RoadmapThreat & Vulnerability Management
1.5k viewscircle icon3 Comments
Sort by:
Director of Information Security2 years ago

Vulert, because it doesn't require any installation or access to code.

Lightbulb on1
Director of Information Technology in Education3 years ago

We've looked into a few tools and narrowed down our choices between GitLab and Debricked.

VP, Distinguished Fellow, & Chief Architect in Healthcare and Biotech3 years ago

JFrog Xray is what we are using. 

Content you might like

Do you allow access to workday/HR application outside of InTune or another MDM tool?

What is your policy for hourly employees accessing Workday ‘off hours’? How is this policy managed?

Read More Comments

Are you concerned that generative AI tools will make it harder to spot phishing attacks?

Extremely concerned: we need a mitigation strategy ASAP!17%

Somewhat concerned72%

Slightly concerned: it’s on my radar but not a key focus10%

Nope! Not at all concerned

View Results

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

Highly valuable30%

Moderately valuable68%

Not valuable at all.1%

View Results

What requirements have you used to evaluate and select a SAAS SPM tool?

Read More Comments

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?