Introducing SBOM360 Hub - Software Supply Chain Security for your Software Distribution Chain.
Read the Blog
Read the Press Release
Press Release
Come visit us at BlackHat 2023
BlackHat 2023

Lineaje Weekly Chart

Insights into your Software Supply Chain

Sept 2023 : Volume 1

What’s in your open-source software?

The Data

Lineaje research indicates that 8.3% of Open Source Software is of unknown origin.

  • 3% of components embedded in open source software as dependencies don’t come from where the open source developers claimed to have gotten them from. So you don’t know where they came from and neither do the developers that included them!
  • 5.3% of all components come from the PURL (Package URL) where they were included. However, the version included does not match the version published by the developing product. They have been tampered with and the tampered source code from where they were built is not available to you.
The Implication

  • Lack of Trust: Components with dubious or unknown origins do not undergo the same level of scrutiny or security checks as well-established, reputable sources.
  • Potential for Malicious Insertions: Components of unknown origin may have been tampered with, potentially containing backdoors, malware, or other malicious code that could compromise the security of the system.
  • Limited Patch Availability: In the event of a vulnerability discovery, it may be difficult or impossible to obtain timely patches or updates for components of dubious origin, leaving the software exposed to potential exploits.
  • Remediation Efforts: Identifying and replacing components of dubious origin can be resource-intensive and time-consuming.
  • Opaque Dependencies: Far unknown components understanding the function the component provides is difficult and the dependencies it includes are opaque.

‍Unknown components in your software are a high risk and well-known Open source components pull them into your software.

Source: “What’s In Your Software: An Approach to Enhance Software Supply Chain Security demonstrate by a deep analysis of the Apache Software Foundation”; Lineaje AI Labs Report; April 2023
Application Security
Digital Innovator 2023
Most Innovative Software Supply Chain Security
Cybersecurity Company
Software Supply Chain Security
Industry Solutions

Integrations and Language Support

Lineaje is continuously adding support for your favorite languages and integrations to connect with tools, pipelines, and workflows.

Trusted by brands globally