ReversingLabs assesses software release images without requiring source code, debugging symbols, or special package preparation steps, making it easy for developers, application security teams, and auditors to confirm that an image's components and dependencies behave as expected and pose an acceptable level of risk before release, deployment, or adoption.

Assess Third-Party Libraries for Compromise

Challenge: Detecting malicious intent hidden in third-party or open source libraries and components included in a software package is essential for reducing the risk of attacks such as typosquatting, rogue packages, or malicious maintainers. Third-party components are a black box for many application analysis tools: without access to the source code, their results are often not detailed enough to be useful.

Solution: ReversingLabs avoids the file size and file type limitations of such tools and uncovers a far more complete inventory of in-house, open source, and third-party components. Each component is evaluated for suspicious behaviors, software tampering, and other indicators of compromise, enabling software providers to validate the integrity and security posture of third-party and open source components before distribution or deployment.
Validate Software Behaviors & Changes

Challenge: Attackers expend considerable effort to make their changes, such as malicious backdoor code, look as if they belong in the code base. Checking for behavior changes across release package versions, or even across multiple builds of the same package version, is therefore the only way to catch SunBurst-type supply chain attacks, in which the malicious code was injected during the build rather than committed to source.

Solution: ReversingLabs analysis does not require source code, debugging symbols, or special package preparation steps, making it easy to unpack and analyze every layer of complex release packages. This visibility can identify software behaviors, backdoors, and malware introduced after static and dynamic analysis (SAST/DAST) scanners and Software Composition Analysis (SCA) tools have run, so that software providers can be confident that code and build compromise risks are minimized.
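The build-to-build comparison described above, as an added example that is not ReversingLabs' code or product: it unpacks two zip release packages that claim to be the same version, hashes every file, extracts a few simple network-behavior indicators from each file's bytes, and reports which files changed and which indicators the new build introduced. The packages, their contents, and the indicator patterns are all constructed here for illustration; a real pipeline would run this against the actual artifacts of two builds and use far richer behavior extraction.

```python
import hashlib
import io
import re
import zipfile
from dataclasses import dataclass, field

# Constructed, illustrative indicator patterns. Their appearance in a build that
# should be byte-identical to the previous one deserves a closer look.
INDICATOR_PATTERNS = {
    "url": re.compile(rb"https?://[A-Za-z0-9./_-]+"),
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "dns_query": re.compile(rb"gethostbyname|DnsQuery|getaddrinfo"),
}


@dataclass
class FileProfile:
    sha256: str
    indicators: dict = field(default_factory=dict)


def profile_package(data: bytes) -> dict:
    """Unpack a zip release package held in memory and build a per-file profile:
    the content hash plus every indicator pattern that matches the bytes."""
    profiles = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)
            indicators = {}
            for name, pattern in INDICATOR_PATTERNS.items():
                hits = sorted({m.decode("ascii", "replace") for m in pattern.findall(content)})
                if hits:
                    indicators[name] = hits
            profiles[info.filename] = FileProfile(hashlib.sha256(content).hexdigest(), indicators)
    return profiles


def diff_packages(old: dict, new: dict) -> dict:
    """Compare two package profiles: files added, removed and modified, and for
    added or modified files the indicators present in the new build only."""
    report = {"added": [], "removed": [], "modified": [], "new_indicators": {}}
    for path in sorted(set(old) | set(new)):
        if path not in old:
            report["added"].append(path)
        elif path not in new:
            report["removed"].append(path)
        elif old[path].sha256 != new[path].sha256:
            report["modified"].append(path)
        else:
            continue  # unchanged file: nothing to inspect
        if path in new:
            before = old[path].indicators if path in old else {}
            introduced = {}
            for kind, values in new[path].indicators.items():
                fresh = [v for v in values if v not in before.get(kind, [])]
                if fresh:
                    introduced[kind] = fresh
            if introduced:
                report["new_indicators"][path] = introduced
    return report


def build_zip(files: dict) -> bytes:
    """Construct an in-memory zip so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: two builds of "the same version". Build B has one component
# rebuilt with an extra name lookup and beacon to a host the previous build never used.
BUILD_A = build_zip({
    "lib/core.dll": b"MZ...core routines...https://updates.example.com/check",
    "lib/helper.dll": b"MZ...helper routines...",
    "app.exe": b"MZ...main...",
})
BUILD_B = build_zip({
    "lib/core.dll": b"MZ...core routines...https://updates.example.com/check",
    "lib/helper.dll": b"MZ...helper routines...getaddrinfo https://cdn.example.net/ping",
    "app.exe": b"MZ...main...",
})


def compare_builds(a: bytes = BUILD_A, b: bytes = BUILD_B) -> dict:
    """Profile both packages and return the change report."""
    return diff_packages(profile_package(a), profile_package(b))


if __name__ == "__main__":
    import json
    print(json.dumps(compare_builds(), indent=2))
```

Two builds of one version should produce no "modified" entries at all; any difference is worth explaining, and a difference that also introduces new network indicators is the pattern a build-time injection leaves behind.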
Secure Software Release Process

Solution Insights

Blog


SunBurst: the next level of stealth

SolarWinds compromise exploited through sophistication and patience


Infographic

4 Myths About the Safety of Third-Party Software

Several myths and misconceptions exist about the safety of third-party software.


Webinar


5 Ways to Mitigate Costly Software Supply Chain Attacks to Get Your SDLC in Check

With today's software more reliant on third-party and open source components, your software development lifecycle (SDLC) demands more checks to validate the integrity of your build, release, and production software.


Software Supply Chain Partners