WhiteSource Prioritize assesses the effectiveness of security vulnerabilities associated with open source components. Effective Usage Analysis (or EUA, the technology behind WhiteSource Prioritize) represents a unique approach to effectiveness analysis that may be applied to a variety of use cases. Software Composition Analysis (SCA) tools have traditionally identified security vulnerabilities associated with an open-source component by matching the calculated "fingerprint" of a component with an entry stored in a specialized database maintained by the SCA vendor and retrieving data for that entry based on reported vulnerabilities in repositories such as the NVD. While the traditional approach can identify open source components for which security vulnerabilities are reported, it does not establish if the customer's proprietary code actually references (explicitly or implicitly) entities reported as vulnerable in such components. WhiteSource Prioritize was designed to accommodate such a requirement by scanning customer code, analyzing how the code interacts with open-source components, indicating if reported vulnerabilities are effectively referenced by such code – and if so – identifying where that happens.
WhiteSource Prioritize offers the following advantages:
...
To get started with WhiteSource Prioritize, go to Scanning with WhiteSource Prioritize.
For an overview of the WhiteSource Prioritize documentation:
| Page Tree | ||
|---|---|---|
|
...