HERCULES SecSAM is a Security Assessment Management platform that addresses open-source software (OSS) risk control, Software Bill of Materials (SBOM) management, and related complex issues. Using the Cybersecurity Bill of Materials (CBOM) as its technical framework for risk assessment, it integrates third-party software vulnerability reports (such as source code scanning and vulnerability scanning reports) and CI/CD tools that interface with the problem tracking management system, and it lets users manage, track, and issue warnings more flexibly and conveniently as part of secure development.
- Manage vulnerability risk ratings based on the SBOM and CBOM structure:
  - By establishing and maintaining the SBOM, analyzing CVEs, automatically updating vulnerability information daily, and managing and tracking vulnerability reports, SecSAM effectively monitors the vulnerabilities of products and open-source suites to achieve complete CBOM management.
- Easily analyze OSS components without source code:
  - Through firmware analysis (binary analysis) technology, SecSAM analyzes firmware provided by a third-party vendor without source code, supports the CPE standard format, and discovers the OSS composition of the product.
- Support OSS and third-party suite license analysis:
  - Through automated analysis of OSS license types such as GPL, Apache, LGPL, and more, SecSAM helps customers avoid license disputes.
- Improve the efficiency of vulnerability fixes with CI/CD integration:
  - SecSAM can integrate with existing development and management systems and tools to round out the CI/CD procedure.
- Easily create SBOMs:
  - By using automation to analyze the OSS composition of software, SecSAM creates the basis for risk management and improves the security of the software supply chain.
- Quickly investigate and resolve vulnerabilities:
  - Through the CBOM, SecSAM manages and tracks vulnerabilities in the development, testing, and maintenance stages, and integrates with CI/CD development tools to facilitate instant resolution.
- Avoid intellectual property disputes:
  - SecSAM's open-source license analysis checks the license type of OSS components to avoid harming corporate intellectual property interests.
- Comply with global IoT security standards:
  - By adopting ioXt Likelihood, the global standard for IoT security, to assess product risk ratings, SecSAM complies with international standard requirements and keeps product risks under control.
Solution of OSS Risks
|10 Users||Unlimited Users|
|25 Products (Projects)||Unlimited Products (Projects)|
|Component Management||Component Management|
|Software Vulnerability Analysis||Software Vulnerability Analysis|
|Test Report with Recommended Solution from NVD||Test Report with Recommended Solution from NVD|
|Professional SBOM Management (User Defined Schema)||Professional SBOM Management (User Defined Schema)|
|CI/CD with Mantis CSV||Customized CI/CD integration (e.g. JIRA API integration)|
|Customer Support||Customer Support|
|Binary Analysis 25 MB / day||Binary Analysis 50 MB / day|
*Binary scan volume upon request
2021 GLOBAL INFOSEC AWARDS
Next-Gen in Open-Source Security