Labrador OSS Process

Detect

Labrador/SBOM

Correct

Vulnerabilities/Licenses

Protect

Patches/Compliance Management

Labrador OSS Overview

Labrador OSS, powered by the VUDDY© and CENTRIS© patented technologies,
plays a crucial role at every stage of the SDLC.

SBOM Creation

Auto-generate the most accurate source code SBOM with Labrador OSS. Powered by CENTRIS© and VUDDY©, Labrador OSS detects all kinds of software components: files, libraries and functions. Create your SBOM in standardized formats (SPDX and CycloneDX) down to the code snippets. (The Code-level Detection feature is available only on Labrador, making it one of the most powerful SCA tools on the market.)

Vulnerability Scan

Scan your source code and find vulnerabilities with the VUDDY© technology. Labrador OSS will detect the exact vulnerabilities in the source code. VUDDY© makes Labrador OSS unique by making it the only SCA that analyzes the source code down to the code level.

Software Remediation

Labrador OSS provides patch recommendations through its innovative remediation technology: patch backporting. Patch backporting ports the fix back to older versions, so that you can patch your code down to the code level.

License Compliance

Check for license violations with Labrador OSS. With over 1,600 listed licenses in its database, Labrador OSS can instantly find potential library issues in your source code.

Labrador OSS Features

Diverse Input Options

Labrador OSS is easy to use with its three input options. Labrador quickly analyzes all types of files, source code or URLs you provide and checks for potential license violations or vulnerabilities.

SDLC & CI/CD Integration

Through its REST API, Labrador OSS offers secure data communications to your cloud-based or on-premise SDLC and CI/CD pipelines, making it simple for all kinds of infrastructure to create secure software environments.

User-defined Vulnerabilities

Organizations can manage their proprietary source code with Labrador OSS. The user-defined vulnerability feature will help you register internally-defined vulnerabilities as well as older or prohibited components, and automatically control proprietary and OSS components simultaneously. It will considerably reduce time and resource consumption by removing recurring vulnerabilities and give your organization room to manage development policies at any SDLC stage.

SBOM Overview

SBOM Features

The Software Bill of Materials (SBOM) is derived from the manufacturing industry and is a nested inventory of all analyzed software components. Labrador© provides SBOMs in international standard formats: SPDX and CycloneDX.

The Importance of SBOM for Organizations

In light of breaches such as Heartbleed or SolarWinds that affect millions of customers worldwide, SBOM has become a necessity to mitigate risks and spot vulnerabilities that would otherwise take months or years to patch.

US Regulation

In May 2021, through a Presidential Executive Order, SBOM became a regulatory requirement. All US-government related organizations are required to provide an SBOM of the software services they provide. We expect organizations across the world to adopt this regulation in the near future.

SBOM Process

VUDDY© (VUlnerable coDe clone DiscoverY): A Scalable Approach for Vulnerable Code Clone Discovery, IEEE Symposium on Security and Privacy (S&P)

CENTRIS©: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse, International Conference on Software Engineering (ICSE)

Integration

Languages/Frameworks

Package Managers

CI/CD

Labrador OSS has its specific SBOM process to ensure optimal for your software projects.

  • 1. SBOM Creation

    Create the list of all software components

  • 2. Vulnerability Detection

    Detect your vulnerabilities at a function level (VUDDY©)

  • 3. Vulnerability Remediation

    Automatically suggest vulnerability patches

  • 4. License Compliance

    Detect license compliance issues

  • 5. UDCM®

    User-defined Components Management (UDCM)
    Allows you to easily manage and secure your proprietary code