Introducing Our New Software Supply Chain Security Features
Today we are excited to announce the expansion of our software supply chain security offering with a series of new features that will enhance our ability to detect, prioritize, and remediate open-source software risk. These features set Rezilion apart from SCA (software composition analysis) tools on the market and allow us to provide significantly wider visibility into an organization’s risk – while also dramatically reducing the amount of work required to eliminate it.
This expansion will include 100% agentless deployment across a wide range of cloud providers, expanded support for CI platforms (including Bitbucket), expanded language support with Go and Rust, and improved support for Windows (including Java, Python, and Node.js, as well as Windows native validation capabilities). With this capability, our customers can now analyze and validate their entire software supply chain, regardless of their environment or technology stack.
However, increased coverage for software supply chain security is only the beginning. Through threat intelligence feed integration, we dramatically improve our risk detection capabilities. As a result, Rezilion not only identifies open-source software vulnerabilities, but also detects malicious code that threatens the security of our customers’ products and environments.
As part of our enhancements, we will add CISA Known Exploitable Vulnerabilities (KEV) and EPSS intelligence to indicate the likelihood (probability) that a software vulnerability will be exploited in the wild.We will also introduce Malware Bazaar and Open Source Software Foundation (OSSF) repo scorecard feeds, which will help customers to identify malicious code in software packages. Together, these enhancements will increase our prioritization capabilities and reduce IT, development, and DevOps workloads.
Additionally, we’ve also added smart remediation recommendations to the platform which will suggest the smartest fix both for security and operational risk, as well as automated remediation in Github actions, Gitlab, and Jenkins.
Finally, we want to provide the security team with the tools they need to protect the organization at the outset of development. From a single centralized location, security teams can define and enforce security policies across the entire SDLC (with a specific focus on managing developer actions in CI) and take and track remediation actions for a variety of risks.
Overall, these new features represent a major step forward for Rezilion and our customers. By providing more comprehensive coverage, better risk detection and prioritization, and easier remediation, we fulfill our product vision of accelerating innovation by eliminating the burden of risk, and helping our customers innovate more and focus on the development of their products and services.
Keep building (securely!),
Shahar
