Software Supply Chain

Automated Security and Compliance for your Software Supply Chain

Our range of services to assist your Software Supply Chain needs

OpenChain Conformance

Strengthen trust in your software supply chain by implementing the leading industry best practices from the OpenChain Project and achieving ISO certification.

Technical Due Diligence

Conduct a thorough assessment of codebases, architecture, security, scalability, and compliance to meet business requirements before investment or acquisition.

Open Source Program Office

Establish an OSPO for thorough open source compliance, focusing on security, license adherence, policy development, and efficient approval processes.

Software Composition Analysis

Implement and optimise Software Composition Analysis (SCA) technology to provide accurate data, enabling companies to ensure security and compliance by design.

Software Bill of Materials

Create accurate SBOMs through in-depth code audits, effectively addressing M&A, regulatory, customer, and investor requirements for full compliance.

Training

Enhance your team’s expertise in open-source challenges with our specialised training programs designed for skilled programmers and compliance teams to achieve.

Frequently Asked Questions

Below you can find a selection of FAQs. If you still have questions after this, please contact us and we would be happy to help!

There are two options for scanning your application code. First, you can share the source code via a shared folder for scanning. Second, we can provide an agent to allow you to scan the code within your environment without needing to share the source code.

A direct source code scan captures more details like copyright notices and URLs along with vulnerabilities, licensing, and operational issues, allowing for a thorough audit of the code. An agent-based scan captures only metadata related to vulnerabilities and licensing. Agent-based scanning is ideal for companies that prefer not to share their source code.

Source Code Control is tool-agnostic and does not sell specific tools. However, we help clients evaluate various tools, providing insights into pros and cons to assist in making the right choice based on their specific needs and objectives.

There are increasing global regulations mandating transparency in the use of third-party components and libraries in code. This impacts all software companies. An SBOM helps as part of an overall cybersecurity strategy and builds trust in software supplied to customers and stakeholders.

In addition to our standard training modules, we can design bespoke training sessions tailored to your team’s specific needs, covering both foundational and technical concepts. We also offer workshops to help teams optimise their use of tools and practices effectively.

The OpenChain project establishes best practices to enhance open-source license compliance, security assessments, and documentation processes. By ensuring that software is delivered with accurate and consistent information about its open-source components, it helps build trust in the software supply chain.
