An Intellyx Brain Candy Brief
In addition to its static application security testing (SAST) offering for source code, GrammaTech also offers binary software composition analysis (SCA) which provides open-source supply chain visibility for compiled binaries, even when the source code is not available.
Open-source supply chain security is a pressing topic after Log4J and other supply chain vulnerabilities surfaced. Most solutions to this problem involve scanning source code of various libraries for vulnerabilities.
In some cases, however, only the compiled binaries are available. GrammaTech scans such files, identifying open-source components including firmware, containers, and mobile or desktop applications.
Once it builds the resulting component inventory, it maps it to the popular VulnDB database of software vulnerabilities.
GrammaTech is especially useful for embedded software (from GPS devices to medical devices to spacecraft), as source code is often unavailable for such systems.
Customers use GrammaTech at the beginning of the software lifecycle to test incoming open-source components, as well as at deployment to provide end customers with a complete software bill of materials (SBOM).
Copyright © Intellyx LLC. Intellyx is an industry analysis and advisory firm focused on enterprise digital transformation. Covering every angle of enterprise IT from mainframes to artificial intelligence, our broad focus across technologies allows business executives and IT professionals to connect the dots among disruptive trends. As of the time of writing, none of the organizations mentioned in this article is an Intellyx customer. No AI was used to produce this article. To be considered for a Brain Candy article, email us at pr@intellyx.com.