SmartRocket Scanner

Product overview

SmartRocket Scanner is an open-source component (software composition) security and compliance analysis management tool. It is rooted in security practices such as shift-left security, DevSecOps and real-time monitoring. Throughout the software lifecycle it continuously automates the identification of open-source software and its dependent components, component inventory management, security risk analysis and vulnerability remediation, license risk analysis, continuous-integration management, user library management, and more. It integrates with third-party development tools to enable automated security analysis, policy enforcement, continuous integration and real-time monitoring, responding promptly to new vulnerabilities with targeted notifications. The tool suits continuous management and monitoring platforms such as agile development, pipelines and shift-left security, helping enterprises solve the problems that arise from poorly maintained and managed open-source software.

Features

  • In-depth Analysis

    Performs thorough line-level analysis by combining multi-dimensional static code scanning, dependency package scanning and code provenance scanning.

  • Efficient Vulnerability Fixing

    Accurately analyzes and pinpoints vulnerabilities, offers tiered fixes or mitigation measures, and provides detailed information for risk assessment.

  • License Compliance

    Provides comprehensive open-source license recognition, risk analysis, traceability analysis, and compatibility analysis.

  • Continuous Monitoring and Traceability

    The system's knowledge base is updated daily to promptly discover new vulnerabilities affecting components and projects, with targeted push notifications and responses.

Value advantage

  • Dynamic Secure Version Recommendation

    Provides dynamic remediation advice, recommending an upgrade to the secure version closest to the user's current version to preserve compatibility. If multiple vulnerabilities belong to the same component, a single unified version is recommended to fix them all.

  • Flexible User-Built Dependency Library

    Supports enterprises in building their own vulnerability databases and open-source software knowledge bases. The tool can promptly detect whether a project has introduced a specific dependency or vulnerability, and it exposes an open API for flexible customization.

  • Full-Scale Composition Firewall

    Users can set rules based on vulnerability risk levels, licenses and component white/blacklists, automatically preventing risky components from entering private repositories and thus keeping problematic components out of the software development lifecycle.

  • High-efficiency Agile Development

    Supports discovering code issues during coding and locating them down to the line, quickly providing repair suggestions. During the build phase it executes policies automatically based on user-defined rules, blocking in time to achieve shift-left security.

  • Data Visualization Workspace

    Provides management teams with a visual display of the entire enterprise's open-source assets, giving an accurate picture of the open-source components in use, open-source vulnerabilities, vulnerability trends, and more. This supports intuitive statistics and helps businesses manage their security assets.

  • Real-time Monitoring and Precision Push

    Monitors open-source software vulnerability intelligence in real time and links it to the user's related projects to ensure timely responses. Provides configurations for email, DingTalk and issue-tracking tools for targeted reminders and precise push notifications of issue information.
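How the composition firewall rules and the closest-secure-version recommendation described above can work together, shown as an added example that is not SmartRocket Scanner's own code. The component name, vulnerability identifiers, affected version ranges and policy values are constructed for illustration, and versions are assumed to be plain dotted integers:

```python
"""Added example, not SmartRocket Scanner's own code: a minimal composition
firewall (severity / license / blocklist rules) combined with a closest-secure-
version recommendation that fixes every known vulnerability of a component at
once. All identifiers, versions and ranges below are constructed."""
from dataclasses import dataclass
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(text: str) -> tuple:
    """'2.3.10' -> (2, 3, 10): compare numerically, not as strings
    (assumes plain dotted-integer versions)."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str            # placeholder identifier, not a real advisory
    severity: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        return self.fixed is None or v < parse_version(self.fixed)


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str


@dataclass(frozen=True)
class Policy:
    block_at_or_above: str = "high"             # severity that triggers a block
    allowed_licenses: frozenset = frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"})
    blocklist: frozenset = frozenset()          # component names never admitted
    allowlist: frozenset = frozenset()          # (name, version) pairs pre-approved


def recommend_version(component, vulns, known_versions):
    """Lowest known version >= the current one that none of `vulns` affects.
    Checking all vulnerabilities together yields one unified target version."""
    current = parse_version(component.version)
    for candidate in sorted(known_versions, key=parse_version):
        if parse_version(candidate) < current:
            continue                      # only recommend upgrades
        if not any(v.affects(candidate) for v in vulns):
            return candidate
    return None                           # no clean version published yet


def evaluate(component, vulns, policy, known_versions):
    """Firewall decision for one component: 'allow' or 'block' with reasons."""
    if (component.name, component.version) in policy.allowlist:
        return {"decision": "allow", "reasons": ["explicitly allowlisted"],
                "recommended": None}
    reasons = []
    if component.name in policy.blocklist:
        reasons.append(f"{component.name} is blocklisted")
    if component.license not in policy.allowed_licenses:
        reasons.append(f"license {component.license} is not allowed")
    hits = [v for v in vulns if v.affects(component.version)]
    threshold = SEVERITY_RANK[policy.block_at_or_above]
    for v in hits:
        if SEVERITY_RANK[v.severity] >= threshold:
            reasons.append(f"{v.vuln_id} ({v.severity}) affects {component.version}")
    # The recommendation covers every vulnerability hitting the component,
    # not only those severe enough to block, so one upgrade clears them all.
    recommended = recommend_version(component, hits, known_versions) if hits else None
    return {"decision": "block" if reasons else "allow",
            "reasons": reasons, "recommended": recommended}


# Constructed sample data (placeholder component, ids and ranges)
KNOWN_VERSIONS = ["2.3.0", "2.3.1", "2.3.2", "2.4.0", "2.4.1", "3.0.0"]
SAMPLE_VULNS = [
    Vulnerability("EXAMPLE-VULN-0001", "high", introduced="2.0.0", fixed="2.3.2"),
    Vulnerability("EXAMPLE-VULN-0002", "critical", introduced="2.3.0", fixed="2.4.1"),
]
SAMPLE_COMPONENT = Component("example-lib", "2.3.1", "Apache-2.0")
COPYLEFT_COMPONENT = Component("example-lib", "2.4.1", "GPL-3.0-only")

if __name__ == "__main__":
    for comp in (SAMPLE_COMPONENT, COPYLEFT_COMPONENT):
        print(comp, evaluate(comp, SAMPLE_VULNS, Policy(), KNOWN_VERSIONS))
```

For the constructed data, fixing EXAMPLE-VULN-0001 alone would suggest 2.3.2, but because 2.3.2 is still inside the second vulnerability's range the unified recommendation is 2.4.1, the nearest version that is clean of both. The second component is vulnerability-free but is blocked on its license alone, which is the license-rule side of the firewall.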

Typical applications

  • Automobile Manufacturers

  • Software Developers

  • Financial Industry