Developers Need Smarter SCA Tools to Fight Software Supply Chain Attacks

This story was originally published on HackerNoon at: https://hackernoon.com/developers-need-smarter-sca-tools-to-fight-software-supply-chain-attacks.

Software composition analysis (SCA) tools render too many false positives, and aren't smart enough to find modified dependencies. New methods show promise...

Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity.
You can also check exclusive content about #cybersecurity, #appsec, #sast, #third-party-code, #oss, #software-supply-chain-attacks, #sbom, #security, and more.




This story was written by: @andrejc. Learn more about this writer by checking @andrejc's about page,
and for more stories, please visit hackernoon.com.





Software composition analysis (SCA) tools render too many false positives. SCA based on code matching will only find components integrated into a software stack without modification. Pattern recognition and intelligent analysis is needed for components that have been modified in irregular ways. The Apona platform claims to utilize intelligent pattern recognition and deep scanning across file, component, and function levels, detecting OSS with near 100% accuracy.