Open Source Risk: A Critical Software Intelligence Component and New Innovations in the CAST Highlight May Release

by Greg Rivera

According to Wikipedia, Software Intelligence is defined as insight into complex software structure, produced by software designed to analyze database structure, software frameworks and source code in order to better understand and control complex software systems in IT environments. It is a rapidly growing discipline in our industry and covers a number of important metrics about software applications, such as Health, Cloud Readiness and Security.

Software Composition Analysis for managing Open Source Risk

An increasingly important part of the Software Intelligence landscape is Software Composition Analysis (SCA): measuring the risks of the open source used when developing software. As we all know, it is extremely rare for organizations to write 100% original code when building applications, and there are inherent risks in leveraging open source frameworks and 3rd party components to speed up development. The two primary risks are 1.) security vulnerabilities, tracked as CVEs (Common Vulnerabilities and Exposures), and 2.) IP licensing risks. This is why SCA matters in today's IT environment.


Open Source Risk is however only one of the components of the broader Software Intelligence landscape

There are several solutions available on the market that focus explicitly on Software Composition Analysis (Learn how CAST SCA works). However, this is only one part of the overall Software Intelligence landscape. What about measuring the Cloud Readiness of your software when planning for a cloud migration or modernization initiative? How about gaining insight into the Health of your applications when rationalizing a large portfolio of enterprise applications or performing technology due diligence before an M&A transaction? How about understanding the Business Impact of your applications so that you can incorporate the business context into the decision making process? These are all critical questions that can only be answered by a Software Intelligence platform that goes beyond being a point solution focused on one narrow area.


CAST Highlight’s Software Intelligence approach is broader

That is why CAST Highlight takes a different approach to measuring open source risk: it incorporates SCA into the broader picture of Software Intelligence, enabling a complete view of your enterprise software portfolio. And, in most cases, it is offered at a fraction of the cost of solutions that focus on SCA alone.

In the latest release of CAST Highlight, we add several new innovations that improve your ability to gain rapid insights into your software applications and to understand open source risk, cloud readiness and application health, to name a few. Continue reading to learn the details…

What's new in CAST Highlight?

Smart Open Source: Detection of transitive dependencies

[Figure: CAST Highlight SCA view showing transitive dependencies]


In this new version, we go a step further in Software Composition Analysis (SCA) by discovering the dependencies of the Open Source and third-party components that your applications use, along with their licenses and possible vulnerabilities. Since these indirect dependencies may also expose your application to CVEs or license compliance issues, they are now added to the Bill of Materials in a new tab called "Dependencies".
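To show why indirect dependencies belong in the Bill of Materials, here is an added example (not CAST Highlight's code) that walks a constructed dependency graph from an application's direct components down to the components they pull in, then attaches constructed advisory and license data so the indirect ones land in a separate "dependencies" section. The component names, the advisory map (its CVE ids are placeholders) and the license map are all constructed for the example; the helper names are hypothetical.

```python
"""Resolve transitive dependencies and flag the risks they carry.

Added example (not CAST Highlight's code): walks a constructed dependency
graph from an application's direct components down to their indirect
dependencies, then attaches constructed advisory and license data so that
the indirect components land in a 'dependencies' section of a bill of
materials (BOM), with the path that introduced each one.
"""
from collections import deque

# Constructed graph: component -> list of components it depends on.
DEPENDENCY_GRAPH = {
    "web-framework@2.1": ["http-parser@1.4", "template-engine@3.0"],
    "http-parser@1.4": ["string-utils@0.9"],
    "template-engine@3.0": ["string-utils@0.9"],
    "string-utils@0.9": [],
    "orm@5.2": ["db-driver@1.1"],
    "db-driver@1.1": [],
}

# Constructed advisory data; the CVE ids are placeholders, not real entries.
ADVISORIES = {
    "string-utils@0.9": ["CVE-PLACEHOLDER-0001"],
}

# Constructed license data; licenses that need an IP review are listed separately.
LICENSES = {
    "web-framework@2.1": "Apache-2.0",
    "http-parser@1.4": "MIT",
    "template-engine@3.0": "MIT",
    "string-utils@0.9": "MIT",
    "orm@5.2": "Apache-2.0",
    "db-driver@1.1": "GPL-3.0-only",
}
REVIEW_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def resolve_transitive(graph, direct):
    """Breadth-first walk from the direct components.

    Returns {component: (depth, path)} where depth 1 is a direct dependency
    and path is the chain of components that pulled it in. Cycles and shared
    dependencies are tolerated: each component is recorded only the first
    time it is reached, i.e. at its shortest depth.
    """
    found = {}
    queue = deque((name, 1, (name,)) for name in direct)
    while queue:
        name, depth, path = queue.popleft()
        if name in found:
            continue
        found[name] = (depth, path)
        for child in graph.get(name, []):
            if child not in found:
                queue.append((child, depth + 1, path + (child,)))
    return found


def build_bom(graph, direct, advisories, licenses, review_licenses):
    """Build a BOM with direct components and a separate 'dependencies' list.

    Each entry carries its license, any advisories and the introduction path,
    so a reviewer can see which direct component drags in a risky indirect one.
    """
    resolved = resolve_transitive(graph, direct)
    bom = {"components": [], "dependencies": []}
    for name, (depth, path) in sorted(resolved.items(), key=lambda kv: kv[1][0]):
        entry = {
            "name": name,
            "depth": depth,
            "introduced_via": " -> ".join(path),
            "license": licenses.get(name, "UNKNOWN"),
            "advisories": advisories.get(name, []),
        }
        entry["license_review"] = entry["license"] in review_licenses
        bucket = "components" if depth == 1 else "dependencies"
        bom[bucket].append(entry)
    return bom


def risky_dependencies(bom):
    """Names of indirect components with an advisory or a license needing review."""
    return [e["name"] for e in bom["dependencies"]
            if e["advisories"] or e["license_review"]]


if __name__ == "__main__":
    bom = build_bom(DEPENDENCY_GRAPH, ["web-framework@2.1", "orm@5.2"],
                    ADVISORIES, LICENSES, REVIEW_LICENSES)
    for entry in bom["dependencies"]:
        print(entry)
    print("needs attention:", risky_dependencies(bom))
```

Neither risky component is a direct dependency: the vulnerable string-utils sits three levels down, and the GPL-licensed db-driver is pulled in by the ORM. A BOM that lists only the components declared in the build file would show neither, which is the gap the "Dependencies" tab closes.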

Smart Open Source: An Azure DevOps extension

[Figure: CAST Highlight SCA extension in Azure DevOps]



Detect possible vulnerabilities, license risks and obsolete Open Source and third-party components at the early stages of your build chain. Highlight's SCA analytics are now available as an extension for Microsoft Azure DevOps, available from the marketplace. Try it now!

19 new Java code insights for Software Health

We added 19 new code insights contributing to the three health factors (Resiliency, Agility and Elegance) for Java applications. We have also updated our analyzer to enable even more code insights in future releases.

CloudReady support for TypeScript and JavaScript

Along with Java, C#, VB/VB.Net, T-SQL, Python and PHP, you can now scan TypeScript and JavaScript applications to verify the presence of Cloud/PaaS blockers and boosters.

CloudReady Survey Colors to quickly know where to improve
[Figure: color-coded CloudReady survey answers]

In the CloudReady results at the application level, we added color-coding to the survey answers to make score interpretation easier and show exactly where to improve, such as the Cloud maturity of your development team, choosing a database that is natively supported in SaaS, adopting DevOps, etc. The opacity of each item indicates its weight in the overall CloudReady score.

UX improvements on TRENDS and FRAMEWORKS at portfolio level
[Figure: TRENDS dashboard at portfolio level]

We took advantage of this new release to improve the user experience, specifically on the TRENDS and FRAMEWORKS dashboards. These pages now load much faster, and we made the transition between dashboards easier for smoother navigation.

Greg Rivera, Vice President

As Vice President of CAST Highlight, Greg leads product strategy for the CAST SaaS platform, helping customers and partners accelerate app modernization and cloud migration, rationalize their app portfolios, and reduce open source risk. He has worked with Fortune 1000 companies such as Microsoft, IDG Communications and Arrow Electronics for over 20 years in technology and media, helping them make successful digital transformations. Greg has a B.S. in Electrical Engineering and an M.S. in Management of Technology and is passionate about applying technology to improve business and our everyday lives.