industry news
Subscribe Now

Flexera Adds Big Automation Boost to Open Source Software Scanning, Compliance and Protection

FlexNet Code Insight 2018 Creates Automated Bill of Materials, Adding New Level of Trust and Transparency into Software Supply Chain

ITASCA, Ill., Aug. 07, 2018 (GLOBE NEWSWIRE) — Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today announced a big leap forward in simplifying open source software (OSS) license compliance and vulnerability protection.  FlexNet Code Insight 2018 R2 makes it easy for software suppliers to add a new layer of trust and transparency into the software supply chain.  New functionality lets suppliers analyze software assets, and create an inventory Bill of Materials (BOM) – all with just a touch of a button.

“FlexNet Code Insight gives software vendors a helping hand to get ahead of a very real threat impacting the entire software supply chain,” said Jeff Luszcz, Vice President of Product Management at Flexera.  “More than 50 percent of code contained in commercial software releases is open source.  However, with the steady increase in vulnerabilities found in unmanaged open source code, unsuspecting software buyers are unaware of the vulnerability risk they face.  By adding ease-of-use, speed and intelligence, FlexNet Code Insight provides the most comprehensive approach to removing OSS risk from the software supply chain and strengthens Software Composition Analysis.”

More Automation, “Push of a Button” BOM Creation

In order to be correct and complete, Software Composition Analysis needs to be driven through a purpose-built platform that adds automation and workflows for open source detection and remediation of issues.  With the new release of FlexNet Code Insight, suppliers can add even more automation when creating a Bill of Materials that lists exactly which open source they’re using. This has become essential due to more complicated software supply chains and supplier/buyer concerns about safety, security and compliance. Based on an accurate BOM, issues can be identified and mitigated quickly.

FlexNet Code Insight saves companies even more time through easy automation of inventory, and deeper detection techniques that include dependency reporting. This enables suppliers to track all components, no matter how deeply they’re hidden. They can control the depth of open source scanning, dialing up to include top-level items only or dialing down for a deeper look at direct and transitive dependencies.

More Vulnerability Intelligence, More Protection

Anyone that’s using open source components needs a clear match list between what they’re using and what parts are vulnerable.  FlexNet Code Insight broadens vulnerability intelligence and coverage, enabling 70,000 vulnerability mappings through intelligence from Secunia Research at Flexera and the National Vulnerability Database (NVD).  Vulnerabilities map directly to a supplier’s software inventory, identifying action needed and the severity level.  The result is a clear risk report.  Based on that information, Flexera customers can focus on high-risk items first and lean on advisory data to mitigate them quickly.

Integration and Easy Plugins

Flexera continues to expand its leadership in OSS scanning, compliance and security.  The new release makes it even easier to include open source scanning seamlessly into the agile DevOps process – enabling continuous scanning, integration and remediation.

Through 15 out-of-the-box integrations, development teams can easily plug OSS scanning into their CI/CD process – making it simple to pull in data from other systems.  When code is scanned as it comes into the build, issues can be identified early and fixed fast to avoid slowing down a release.  If an issue comes up, a JIRA work item can be created to manage the remediation work to clean up the code.  Integrations include Jenkins, JIRA ALM, Git, Maven, Gradle, Artifactory, Perforce SCM, Docker, VSTS, GitLab, Team City and more.

“Open source scanning and analysis should be a standard process for any company that’s building software,” added Luszcz.  “Through deep and out-of-the-box integration with existing tools and processes, Flexera enables customers to scan and remediate as part of their standard processes – contributing significantly to building software that’s secure and compliant.”

Follow Flexera on…

About Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.  We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective.  Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk.  Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk.  Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets.  In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year.  Visit us at www.flexera.com.

Leave a Reply

featured blogs
Dec 9, 2018
https://youtu.be/M_d-K4yE_n4 Made on Cadence pathways (camera Sean) Monday: ICCAD and Open-Source CAD Tuesday: Clayton Christensen on the Prosperity Paradox Wednesday: Benedict's Christmas... [[ Click on the title to access the full blog on the Cadence Community site. ]...
Dec 7, 2018
That'€™s shocking! Insulation Resistance and Dielectric Withstanding Voltage are two of the qualification tests that Samtec performs in-house during part qualification testing. These tests will ensure that when a connector is used in environmental conditions at the rated wo...
Nov 28, 2018
Wearable tech is officially the next big innovation in technology, and its popularity has skyrocketed in the past few years. It seems like every few months......
Nov 14, 2018
  People of a certain age, who mindfully lived through the early microcomputer revolution during the first half of the 1970s, know about Bill Godbout. He was that guy who sent out crudely photocopied parts catalogs for all kinds of electronic components, sold from a Quon...