Consolidated capabilities enable customers to create comprehensive software bill of materials and eliminate security blindspots across the software development lifecycle
BETHESDA, Md.: CodeSecure, a leading global provider of application security testing (AST) solutions, and FOSSA, the complete software supply chain platform, today announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third-party and open source code.
The partnership combines CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities within FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).
The CodeSentry-FOSSA integration allows App Developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds—providing comprehensive transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase—when they are easier and more cost-effective to remediate—this integrated platform reduces risk and accelerates secure software delivery.
Open-source software and third-party software components—including libraries, add-ons, drivers, operating system components, and networking code—present unique security challenges. While open source analysis tools are effective for scanning vulnerabilities in accessible source code files, many third-party and infrastructure components are distributed as precompiled binaries. These binaries require specialized BCA to accurately identify embedded vulnerabilities, dependencies, and potential risks. The FOSSA platform with BCA provides unified scanning, which is required to achieve comprehensive software security coverage.
“Modern software applications are constantly growing in complexity and composed of components that developers might not fully control or even see,” said Mike Dager, CEO of CodeSecure. “Our partnership with FOSSA creates a single, cohesive platform that ensures comprehensive visibility into both open source and binary code, allowing teams to confidently manage their software supply chains from development through deployment.”
“Customers expect seamless security insights across the entire software supply chain, including first-party code, open source components, and binaries,” said Kevin Wang, CEO of FOSSA. “Integrating CodeSecure’s market leading binary analysis capabilities into the FOSSA platform allows our customers to comprehensively inventory and secure their software—eliminating critical blindspots and enhancing their security posture.”
The FOSSA platform, pre-integrated with CodeSecure CodeSentry, addresses the following DevSecOps needs:
Availability
The FOSSA platform, pre-integrated with CodeSecure’s BCA, is available immediately. For pricing and to request a demo visit https://fossa.com/request-demo.
About CodeSecure
CodeSecure is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. CodeSecure products enable rapid DevSecOps deployments while also securing their software supply chains. CodeSecure has corporate headquarters in Bethesda MD and publishes TalkSecure, an educational resource for product software developers. Visit us at http://www.codesecure.com and follow us on LinkedIn and X.
CodeSonar® and CodeSentry® are registered trademarks of CodeSecure, Inc.
About FOSSA
FOSSA is a leading software supply chain platform that automates security and compliance across first-party code, third-party suppliers (binaries and SBOMs), and developer tools. The FOSSA platform empowers companies to identify, prioritize, and remediate their real vulnerabilities, while also automating reporting and SBOM generation to meet customer and regulatory requirements. Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded millions of times, and has conducted more than 100 million software scans. For more information, visit www.fossa.com.
Source: Business Wire