Almost all software nowadays contains open source components; some studies report that more than 95% of applications include at least one. That is convenient, but it comes at a price, and the price can be high. The risks lie mainly in the license under which a component may be used and in the known security vulnerabilities that a particular component version may carry.
Using open source components seems convenient but can pose real dangers. Metri helps organizations quickly get a complete understanding of the open source components in use, their licenses, their versions (both the version used and the versions available) and the Common Vulnerabilities and Exposures (CVEs) recorded against the versions in use. CVEs are publicly known vulnerabilities, each with a unique identifier, that are catalogued in the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST) in the USA.
For this, we use a Portfolio Health & Risk scan, in which every application in the portfolio is scanned using SaaS technology. This can be done within a few days, and your source code does not leave the organization. The scan gives you quick insight into the invisible threats in your portfolio, so you can take targeted action to reduce them. An example of this overview: