Published on: January 7, 2025
New software composition analysis features use risk-based intelligence so developers and security teams can prioritize critical vulnerabilities for targeted remediation.
Application Security teams face a constant uphill battle in risk reduction due to the ever-growing number of vulnerabilities. This year alone, 36,000 Common Vulnerabilities and Exposures (CVEs) have been reported — a 25% increase from last year. The sharp rise intensifies the challenge of prioritization in vulnerability management, especially for lean AppSec teams.
To help, we’ve introduced several new enhancements to our Software Composition Analysis (SCA) solution. These improvements are available for all GitLab Ultimate customers:
By prioritizing exploitable vulnerabilities, AppSec teams can reduce triage times, accelerate remediation cycles, and improve collaboration with their development counterparts. Powered by our recent acquisitions of Oxeye's and Rezilion's intellectual property, these new capabilities align with our vision of providing best-in-class application security solutions, natively built into developer workflows.
Software Composition Analysis helps organizations identify and manage open source components within their applications. By scanning the codebase, SCA provides insights into the component versions, licenses, and importantly, known vulnerabilities. With 90% of Fortune 500 companies dependent on open source components for their applications, SCA provides much-needed visibility to mitigate software supply chain risk.
High-profile breaches like SolarWinds and Log4Shell highlight how vulnerabilities in third-party components can compromise countless downstream applications. SCA tools act as proactive measures, enabling teams to identify vulnerabilities and enforce compliance early in the software development lifecycle, ensuring software security while maintaining development velocity.
With our latest SCA enhancements, GitLab helps you cut through the noise to prioritize real risks, reduce backlogs, and remediate faster – all within your existing workflows.
Focus on vulnerabilities that pose the greatest risk
Reduce triage times
Faster remediation to mitigate supply chain risk
We’re continuing to integrate Rezilion’s technology into our platform to help teams secure their software supply chains more effectively. Rezilion will be key to powering future innovations, including:
If you’re an existing GitLab Ultimate customer and would like to learn more about how Software Composition Analysis can enhance your application security program, visit our documentation. There, you’ll find details on implementation requirements, use cases, and more. Or if you’re not yet a GitLab Ultimate customer, get started with a free trial today to explore how GitLab enhances your ability to write secure software, achieve compliance goals, and improve development velocity.