A comprehensive list of identified libraries and software components in the applications is compiled, including information about their versions and sources.
A detailed report is prepared with the results of the analysis conducted on the SBOM. The report includes a listing of identified vulnerabilities, their criticality, and mitigation recommendations.
The security of vendors and partners in the chain of custody is assessed, including their security practices, compliance, and security history.
A detailed report on the licenses associated with libraries and software components is generated, ensuring compliance with the organization’s licensing policies.
Guidance on integrating SCA into the development process is provided, ensuring regular and automated checks.