The FOSSID vulnerability snippet finder detects and identifies the actual lines of code that introduce vulnerabilities in open source and proprietary software
Traditional Software Composition Analysis (SCA) tools and software scanners typically identify open source components and their versions in the scanned code and correlate them to known vulnerability lists from public repositories (most commonly the National Vulnerability Database, NVD).
But security vulnerabilities and exposures often relate to only a few lines of code within a whole open source project. FOSSID detects the actual lines of code that are known to make open source components vulnerable, regardless of whether it is scanning known or unknown open source components, or even proprietary code into which such lines have been copied.
This means that the user is not overwhelmed with every vulnerability reported for an open source component when only part of it is used, and the precise search mechanism allows more vulnerabilities to be found in the scanned code base than component and version matching alone, including in code that no longer carries the identity of the component it came from.
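To make the difference between the two approaches concrete, the following is an added illustration, not FOSSID code and not a description of how the VulnSnippet Finder actually matches. It assumes a simple snippet-matching scheme (strip comments and whitespace, hash sliding windows of normalised lines, look the hashes up in a knowledge base); the component name "libexample", the advisory IDs "ADV-0001" and "ADV-0002", the vulnerable snippets and the scanned files are all constructed for the example. Component-level matching reports every advisory for the affected version, whether or not the vulnerable lines are present; snippet-level matching reports only the files that contain those lines, and also finds the copy in a proprietary file.

```python
"""Component-level vs snippet-level vulnerability matching (illustration only).

Added example, not FOSSID code. Knowledge base, advisory IDs, component name
and scanned files are constructed for this demonstration.
"""
import hashlib
import re

WINDOW = 3  # normalised lines per fingerprint; chosen for this small example


def normalise(source: str) -> list[str]:
    """Drop line comments, blank lines and whitespace so that reformatting or
    commenting a copied snippet does not hide it."""
    out = []
    for raw in source.splitlines():
        code = re.sub(r"//.*$", "", raw)   # strip C++-style line comments
        code = re.sub(r"\s+", "", code)     # strip all whitespace
        if code:
            out.append(code)
    return out


def fingerprints(source: str) -> set[str]:
    """Hash every WINDOW-line sliding window of the normalised source."""
    lines = normalise(source)
    return {
        hashlib.sha256("\n".join(lines[i:i + WINDOW]).encode()).hexdigest()
        for i in range(len(lines) - WINDOW + 1)
    }


# Constructed knowledge base: two hypothetical advisories for a hypothetical
# component. ADV-0002 concerns code that the scanned tree never contains.
KB = [
    {
        "id": "ADV-0001",
        "component": "libexample",
        "fixed_in": (2, 1, 0),
        "snippet": """
            char buf[64];
            strcpy(buf, user_input);
            send_reply(buf);
        """,
    },
    {
        "id": "ADV-0002",
        "component": "libexample",
        "fixed_in": (2, 1, 0),
        "snippet": """
            int n = read(fd, hdr, sizeof(hdr));
            memcpy(body, hdr + 4, hdr[0]);
            return n;
        """,
    },
]


def component_scan(manifest: dict[str, tuple[int, int, int]]) -> dict[str, set[str]]:
    """Version-based matching: report every advisory whose component appears
    in the manifest at a version below the fix, code present or not."""
    findings: dict[str, set[str]] = {}
    for entry in KB:
        version = manifest.get(entry["component"])
        if version is not None and version < entry["fixed_in"]:
            findings.setdefault(entry["component"], set()).add(entry["id"])
    return findings


def snippet_scan(files: dict[str, str]) -> dict[str, set[str]]:
    """Fingerprint-based matching: report an advisory only for files that
    actually contain its vulnerable lines, whatever the file is called."""
    kb_index: dict[str, set[str]] = {}
    for entry in KB:
        for fp in fingerprints(entry["snippet"]):
            kb_index.setdefault(fp, set()).add(entry["id"])
    findings: dict[str, set[str]] = {}
    for path, source in files.items():
        for fp in fingerprints(source):
            if fp in kb_index:
                findings.setdefault(path, set()).update(kb_index[fp])
    return findings


# Constructed scan input: a vendored libexample file that still carries the
# ADV-0001 lines, a vendored file that carries nothing vulnerable, and a
# proprietary file into which the same lines were copied and reformatted.
FILES = {
    "vendor/libexample/reply.c": """
        void handle(const char *user_input) {
            char buf[64];
            strcpy(buf, user_input);
            send_reply(buf);
        }
    """,
    "vendor/libexample/util.c": """
        size_t count(const char *s) { return strlen(s); }
    """,
    "src/our_handler.c": """
        static void respond(const char *user_input)
        {
          char buf[64];               // copied from libexample years ago
          strcpy( buf , user_input );
          send_reply( buf );
        }
    """,
}
MANIFEST = {"libexample": (2, 0, 3)}

if __name__ == "__main__":
    print("component-level:", component_scan(MANIFEST))
    print("snippet-level:  ", snippet_scan(FILES))
```

Running it shows the version scan attributing both advisories to libexample, while the snippet scan reports ADV-0001 twice (once in the vendored file, once in src/our_handler.c, which no manifest would ever tie to libexample) and ADV-0002 not at all, since its code is absent. Real snippet finders use more robust fingerprinting than fixed three-line windows, but the trade-off the page describes is the same.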
FOSSID's technology takes security vulnerability detection and management to a new level. Being able to find not only a vulnerable component but the very snippet that could bring harm to your code brings tremendous value to our customers, easing remediation and keeping their products and services secure.
The VulnSnippet Finder is an add-on to FOSSID's scan engine, backed by the most comprehensive knowledge base on the market, and is purpose-built for Continuous Integration (CI). It can be used with FOSSID's Command Line Interface (CLI) and communicates over standardized protocols and formats.