It is great to be back in Orlando, FL this week at the Agile + DevOps East Conference! We’re also pleased to announce our new secure software supply chain management service—powered by the Tidelift Subscription.
Open source is an amazing resource, and it is nearly impossible for organizations to build applications in 2022 without using it extensively. Today, over 90% of modern applications contain open source components, and in these applications open source typically makes up over 70% of the code base. While this widespread use of open source makes developers more productive and accelerates development and deployment, it also comes with hidden costs related to keeping it secure and well maintained.
A key strategy for safe and secure application development is ensuring the open source components in your software supply chain are as secure, healthy, and well maintained as possible. The new Coveros software supply chain management service does just that, by combining people and software.
There are 3 main components to the service:
- Assess. Assess current software supply chain artifacts, governance, and management.
- Understand. Generate dynamic software bills of materials (SBOMs) to understand the risk associated with open source usage, including dependency and vulnerability assessments.
- Remediate. Establish proactive and ongoing dependency management and remediation for secure consumption of open source components in your software supply chain.
To learn more, please stop by either the Tidelift or Coveros booth at the event. See you in Orlando!