Verify Software Build & Release

ReversingLabs assesses software release images, without requiring source code, debugging symbols, or special package preparation steps, making it easy for developers, application security teams, and auditors to assure that the image’s components and dependencies have trustworthy behaviors and pose an acceptable level or risk before release, deployment or adoption.

Analyze Software Now Download Solution Brief Watch Supply Chain Video

Assess Third-Party Libraries for Compromise

Challenge: Detecting malicious intent hiding within third-party or open source libraries or components included in a software package is important for reducing the risk of attacks such as typosquatting, rogue packages, or malicious software maintainers. Third-party software components can be a black box for many application security analysis tools because access to the source code of their results are often not detailed enough to be useful.

Solution: ReversingLabs secure.software avoids limitations associated with file size and types to uncover a far more complete list of in-house, open source and third-party software components. Each component is evaluated for suspicious behaviors, software tampering and other indicators of code compromise, empowering software providers to validate the integrity, and the security posture of third-party and open source components before distribution or deployment.

Validate Software Behaviors & Changes

Challenge: Attackers are expending a lot of effort to ensure their changes, such as malicious backdoor code, look as if they belong within the code base. Therefore, by only checking for behavior changes across release package versions or even across multiple builds of the same package version, is it possible to catch SunBurst-type software supply chain attacks.

Solution: ReversingLabs secure.software analysis does not require source code, debugging symbols, or any special package preparation steps, making it easy to unpack and analyze every layer of complex release packages. This unmatched visibility and examination can identify software behaviors, backdoors, and malware introduced after traditional static and dynamic (SAST/DAST) analysis scanners and Source Composition Analysis (SCA) tools operate, allowing software providers to be able to ensure that code and build compromise risks are minimized.

protecting-applications-from-software-supply-chain-attacks-1

Solution Insights

Blog

SunBurst: the next level of stealth

SolarWinds compromise exploited through sophistication and patience

Read Blog

Infographic

4 Myths About the Safety of Third-Party Software

Several myths and misconceptions exist about third-party software

Download Document

Webinar

SC-Magazine-5-Ways-to-Mitigate-Software-Supply-Chain-Attacks

5 Ways to Mitigate Costly Software Supply Chain Attacks to Get Your SDLC in Check

With today’s software more reliant on third-party and open-source software, your software development lifecycle (SDLC) demands more checks to validate the integrity of your build, release and production software

WATCH WEBINAR

Software Supply Chain Partners

Python Package Index (PyPI)

ReversingLabs secure.software integrates with leading Python package repository PyPI to provide greater assurances that software packages distributed from its repository are free of malware.

GitHub

ReversingLabs secure.software integrates with leading software code management system GitHub, providing assurance to organizations that their private repositories used during the software development and release processes are free of malware.

npm

ReversingLabs secure.software integrates with leading JavaScript and node.js package manager npm to provide greater assurance that the distribution of JavaScript packages and modules are free of malware.