Sorry, not available in this language yet

English
日本語
简体中文

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Program Consolidation | Simplify your application security program.
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage Enterprise AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality and Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing Solutions | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Devices | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

Managing Transitive Dependencies in Open Source Software

Insights and Essential Practices

Simple software applications may have only a few dependencies, perhaps a handful of libraries or frameworks. But an enterprise-level system or a large web application can have thousands of dependencies, many of them indirect or transitive. These dependencies can create complex chains that are nearly impossible to detect, manage, and test without automated tooling.

The latest “Open Source Security and Risk Analysis” (OSSRA) report includes several key findings that highlight the importance of identifying and tracking transitive dependencies.

Prevalence: 64% of the open source components identified in the OSSRA report were transitive dependencies
Complexity: Open source software is more complex than ever, and the number of open source files in an average application has increased three-fold since 2020
Security risks: 81% of codebases contain high- or critical-risk vulnerabilities, nearly half of which were introduced by transitive dependencies
License conflicts: 56% of codebases have license conflicts, the majority caused by incompatible transitive dependencies

But the very nature of transitive dependencies make them difficult to locate, track, and manage. This white paper discusses five common problems and risks associated with transitive dependencies in open source software, and it provides nine essential practices for avoiding or overcoming those pitfalls.

Download the white paper to understand

How to gain visibility into transitive dependencies
Why automation is key to managing transitive dependencies
How to evaluate and track IP and license obligations
How to generate and validate Software Bills of Materials
What role package managers play in managing transitive dependencies

Managing Transitive Dependencies in Open Source Software Insights and Essential Practices

Managing Transitive Dependencies in Open Source Software

Insights and Essential Practices

Download the report now