My prediction is that companies will adopt SCA tools into their CI/CD to manage open-source related risks.
The Log4j vulnerability pulled the open-source vulnerability awareness trigger for software consumers and exposed the lack of management by software creators. All software should be managed to avoid open-source vulnerabilities during development (for low fixing cost) and post-production (for trusted relationships with your customers).
Currently, there is no official regulation on that, but soon the White House executive order will take effect and all federal suppliers will have to provide an SBOM (software bill of materials) with their software and commit to vulnerability management.
Infrastructure as Code script testing, API security testing and SCA will gain more relevance and importance this year.
Customers may also like to have a modular framework to pick and choose different areas of DevSecOps (SAST, SCA, DAST, IAST, OAST, etc.) as per their needs and not pay heavy license costs for owning a platform that offers everything but may not be required by the customer as a priority.
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.