Open Source Risk: A Critical Software Intelligence Component and New Innovations in the CAST Highlight May Release

Jun 4, 2019 by Greg Rivera

According to Wikipedia, Software Intelligence is defined as: insight into complex software structure produced by software designed to analyze database structure, software framework and source code to better understand and control complex software systems in Information Technology environments. This is a rapidly growing discipline in our industry and includes a number of important metrics about software applications such as Health, Cloud Readiness, and Security.

Software Composition Analysis for managing Open Source Risk

An increasingly important part of the Software Intelligence landscape is Software Composition Analysis (SCA) or measuring the risks of open source when developing software. As we all know, it is extremely rare that organizations are creating 100% original software code when developing applications and there are inherent risks involved when leveraging open source frameworks and 3rd party components to speed up the development process. The two primary risks are: 1.) security vulnerabilities or CVEs (Common Vulnerabilities and Exposures) and 2.) IP licensing risks. Hence, the importance of SCA in today’s IT environment.

 

Open Source Risk is however only one of the components of the broader Software Intelligence landscape

There are several solutions available on the market that focus explicitly on Software Composition Analysis (Learn how CAST SCA works). However, this is only one part of the overall Software Intelligence landscape. What about measuring the Cloud Readiness of your software when planning for a cloud migration or modernization initiative? How about gaining insight into the Health of your applications when rationalizing a large portfolio of enterprise applications or performing technology due diligence before an M&A transaction? How about understanding the Business Impact of your applications so that you can incorporate the business context into the decision making process? These are all critical questions that can only be answered by a Software Intelligence platform that goes beyond being a point solution focused on one narrow area.

 

CAST Highlight’s Software Intelligence approach is broader

That is why CAST Highlight is taking a different approach to measuring open source risk and incorporating SCA into the broader picture of Software Intelligence enabling a complete view of your enterprise software portfolio. And, in most cases it is being offered at a fraction of the cost of most solutions that focus on SCA alone.

 In the latest release of CAST Highlight, we add several new innovations improving on the ability to gain rapid insights into your software applications and understand open source risk, cloud readiness, and application health to name a few. Continue reading to learn the details…

What's new in CAST Highlight?

Smart Open Source: Detection of transitive dependencies 

CAST-Highlight-SCA-TransitiveDependencies-cropped (2)


In this new version, we go a step further in Software Composition Analysis (SCA) by discovering the dependencies of Open Source and third-party components that your applications use, as well as their licenses and possible vulnerabilities. Since these indirect dependencies may also be exposed to CVEs or license compliance issues in the context of your application, they’re also added in the Bill of Materials in a new tab called “Dependencies”.

Smart Open Source: An Azure DevOps extension

CAST-Highlight-SCA-AzureDevOps



Detect possible vulnerabilities, license risks and obsolete Open Source and third-party components at the early stages of your build chain. Highlight’s SCA analytics are now available as an extension of Microsoft Azure DevOps, available from the marketplace. Try it now!

19 new Java code insights for Software Health

We added 19 new code insights contributing to the three  health factors (Resiliency, Agility and Elegance) for Java applications. And, we have updated our analyzer enabling even more code insights in future releases.

CloudReady support for TypeScript and JavaScript

Along with Java, C#, VB/VB.Net, T-SQL, Python and PHP, you can now scan TypeScript and JavaScript applications to verify the presence of Cloud/PaaS blockers and boosters.

CloudReady Survey Colors to quickly know where to improve
CAST-Highlight-CloudReady-SurveyColors

In the CloudReady results at the application level, we added color-coding in the survey answers to make score interpretation easier and know exactly where to improve such as Cloud maturity of your development team, choosing a database which is natively supported in SaaS, adopting DevOps, etc. The opacity indicates the weight of the item in the overall CloudReady score.

UX improvements on TRENDS and FRAMEWORKS at portfolio level
CAST-Highlight-Trends

We took advantage of this new release to improve the user experience, specifically on the TRENDS and FRAMEWORKS dashboards. These pages now load much faster and we made the transition between dashboards easier for a more comfortable navigation.

Filed in: CAST Highlight CAST News Risk & Security Software Intelligence Software Security
Tagged: CAST Highlight Open Source Risk Open source security Product Release SCA Software Composition Analysis
Cloud Smart: How to Ensure an Efficient and Secure Journey
Cloud Smart: How to Ensure an Efficient and Secure Journey
Recorded Webinar
Software Intelligence at the core of M&A Advisory

Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services. 

Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.

Video Interview
Eliminate vulnerabilities while improving performance
CAST AIP was implemented for a Federal Law Enforcement Agency in the US. CAST AIP helped identify and resolve several critical violations and flaws in the software leading to an immediate saving of ~ $250K in software maintenance.
Case Study
Greg Rivera
Greg Rivera Vice President
As Vice President of CAST Highlight, Greg leads product strategy for the CAST SaaS platform helping customers and partners accelerate app modernization / cloud migration, rationalize their app portfolios, and reduce open source risk. He has worked with Fortune 1000 companies such as Microsoft, IDG Communications, and Arrow Electronics for over 20 years in technology and media, helping them make successful digital transformations. Greg has a B.S. in Electrical Engineering and an M.S. in Management of Technology and is passionate about applying technology to improve business and our everyday lives.
More Posts from Greg >>

Write a review Average rating:
()
Newest on top Oldest on top
Load more reviews
Thank you for the review! Your review must be approved first
You've already submitted a review for this item
|
()