Additional Info

CompanyXmirror Security
Websitehttps://www.xmirror.cn/
Company size (employees)100 to 499

Overview

OpenSCA is the open-sourced version of Xcheck OSS (Open-Source Security Platform) under Xmirror Security. It succeeded the core capabilities of Xcheck OSS’s SCA open-source application security defect detection. Through software component analysis, dependency analysis, feature analysis, reference identification, compliance analysis, etc., OpenSCA can deeply explore various security vulnerabilities and open-source protocol risks hidden in components, and discover known security vulnerabilities in advance to reduce the risk of users facing of security attacks in the software supply chain.

How we are different

1. Support for various languages, supported by vast knowledge base
• Support for software component analysis of multiple mainstream programming languages including but not limited to Java, JavaScript, PHP.
• Supported by a mass of real-time component database, vulnerability database, license database, feature database in cloud platform.
2. Component dependency parsing and Visualized SBOM analysis
• Parsing of components’ direct dependency and indirect dependency.
• Analyze component security vulnerabilities, and position the affected area quickly and repair it in time.
• Visualized SBOM (Software Bill of Material) helps to sort out internal software assets quickly.
3. License compliance analysis and intellectual property security protection
• Support for mainstream licenses detection.
• Analyze the compliance and compatibility risks of open-source licenses.