FaaS (Function as a service) is the concept of serverless computing via serverless architectures. Developers can leverage this architecture to deploy an individual “function”, action, or a piece of business logic. Functions are expected to start within milliseconds and process individual requests and then end.
While there are a lot of benefits in serverless architecture, there are some new security threats as well. The attack surface is larger: More HTTP endpoints are exposed, there is a higher risk for configuration errors as the technology is brand new, and most security platforms are just not there yet. Serverless functions are exposed to open source vulnerabilities just like any other software, if not more.
In modern architectures, where microservices are built as part of the SDLC pipeline, and being deployed as serverless functions, it is required to continuously scan and monitor these functions for security vulnerabilities and license compliance issues.
WhiteSource for Serverless Environments
WhiteSource serverless integration enables you to scan and monitor deployed FaaS.
Utilizing the Unified Agent and Effective Usage Analysis technologies, WhiteSource is capable of understanding the effective references from the serverless functions to the vulnerable code in the called open source components.
The following links are for serverless integration related topics: