Prisma Cloud Product Deep Dive: Software Composition Analysis

Proactive Open Source Security with Context-Aware SCA

Open source software isn't going anywhere – and neither are vulnerabilities.

As cloud-native applications become increasingly connected, they raise the stakes for a cloud breach. It's clear that the way we've historically identified open source risk is falling short. Existing point solutions for software composition analysis (SCA) are outdated and overmatched. They either uncover risk too late in the development lifecycle or lack the coverage and context necessary to understand and prioritize risk.

To help our customers take an integrated, proactive approach to open source security, Prisma® Cloud now enables SCA. Our robust capabilities include granular version bump fixes and open source package scanning for both vulnerabilities and license compliance issues.

Watch this 30-minute session led by senior product manager Taylor Smith. You'll learn why a new approach to SCA is crucial for cloud-native organizations. You'll also get a close-up look at Prisma Cloud's innovations in open source security. They include:

• Combining open source vulnerability findings with infrastructure as code (IaC) analysis for additional context of vulnerabilities embedded in container dependencies.
• Integrating natively with developer tools to surface open source risk earlier in and continuously throughout the development lifecycle.
• Providing full dependency tree extrapolation to identify and remediate vulnerabilities at even the deepest layers.