Open source components lowers development costs while accelerating development. They are also subject to security vulnerabilities that can be exploited easily by malicious attackers. With thousands of new vulnerabilities disclosed each year, an application that is secure today can be attacked by script kiddies using public exploits tomorrow.

In addition to the open source components your team uses, your vendors and partners may also provide binaries. When incorporated into your products, these can lead to additional open source security risk.

Insignary Clarity provides visibility to software supply chain by analyzing compiled applications and components to generate a Software Bill of Materials (SBOM), then mapping that to a database of vulnerable components. It provides detailed information on all vulnerabilities in all versions of each component to help developers make informed decisions about how to address issues.

When a new vulnerability is disclosed, Clarity alerts users to the affected applications – without the need to rescan.

Clarity highlights vulnerabilities with publicly available exploits

Clarity provides more accurate results than other binary SCA solutions and minimizes unnecessary rework by providing information on whether the vulnerable portion of the component is used.

Clarity provides alerts when personal information, hard coded IP addresses or URLs, and unencrypted passwords are detected in a file.

Open source components can be issued under any of thousands of licenses – or no license at all. Each includes restrictions on usage, extension and distribution of code and its derivative products. Some licenses allow users to freely modify and redistribute code, while others require any modifications to be published under the same open source license. Components with restrictive licenses – if used improperly – can put your organization’s IP at risk.

You can protect your IP by maintaining a Software Bill of Materials (SBOM) for all software used in your solutions. But it’s not enough to simply look at what development teams have declared.

Source-based Software Composition Analysis (SCA) can only examine the custom code your team creates. It is blind to binaries provided by third party vendors or to open source compiled directly into a build.

Clarity takes a different approach. Our Binary SCA provides visibility to your entire software supply chain. By examining the binary, Clarity can identify open source license risk in vendor code and the code your team builds.

Maps all open source components to our license database, including file-level detailed license information to minimize license risks that can be missed by simply checking representative licenses .

Highlights components subject to aggressive litigation for copyright licenses.

Screens 3rd party developed binaries for potential OSS license compliance violations