As a software producer, you can use Scribe to apply security guardrails to your SDLC based on security posture, risk analysis of open-source dependencies, and development practices. You can also use Scribe to share with your customers select attestations about your compliance and software’s security.
Scribe collects from external sources
Scribe integrates with data sources to track and analyze risks in open-source dependencies. These integrations offer up-to-date intelligence. Some of these sources include:
To secure the supply chain, Scribe continuously generates and collects the following types of evidence. For instance, on every build run:
Software bills of materials of assets and artifacts such as source code, package managers, build artifacts, and build agents
Hash values of artifacts and tools in the SDLC toolchain
Findings from scans for vulnerabilities
Security-related settings from dev tools
Information about SDLC events such as code commits, user IDs, and code reviews
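The "hash values of artifacts and tools" item above is the simplest kind of evidence to illustrate. The following is an added example, written for this page and not Scribe's own code or evidence format: it records SHA-256 digests of a build's artifacts and toolchain binaries at build time, then re-checks them later so that a swapped artifact, a modified tool, or an unexpected extra file shows up as a concrete finding. The file names, the in-memory file contents, and the record layout are all constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample inputs: byte strings stand in for real files on disk.
SAMPLE_ARTIFACTS = {
    "dist/app-1.0.0.tar.gz": b"pretend tarball contents",
    "dist/app-1.0.0.sbom.json": b'{"bomFormat":"CycloneDX","components":[]}',
}
SAMPLE_TOOLS = {
    "/usr/local/bin/compiler": b"pretend compiler binary",
    "/usr/local/bin/packager": b"pretend packager binary",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def digest_map(files: dict) -> dict:
    """Map each path to its digest; sorted so the record is deterministic."""
    return {path: sha256_hex(content) for path, content in sorted(files.items())}


def build_evidence(artifacts: dict, tools: dict, build_id: str, commit: str) -> dict:
    """Assemble one evidence record for a build run (hypothetical layout, not Scribe's schema)."""
    return {
        "build_id": build_id,
        "commit": commit,
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "artifacts": digest_map(artifacts),
        "tools": digest_map(tools),
    }


def verify_evidence(evidence: dict, artifacts: dict, tools: dict) -> list:
    """Compare current files against the record.

    Returns a list of (kind, path, reason) tuples; an empty list means every
    recorded artifact and tool is present, unchanged, and nothing extra appeared.
    """
    problems = []
    checks = (
        ("artifact", evidence["artifacts"], artifacts),
        ("tool", evidence["tools"], tools),
    )
    for kind, recorded, current in checks:
        for path, expected in recorded.items():
            if path not in current:
                problems.append((kind, path, "missing"))
            elif sha256_hex(current[path]) != expected:
                problems.append((kind, path, "digest mismatch"))
        for path in current:
            if path not in recorded:
                problems.append((kind, path, "not in evidence"))
    return problems


if __name__ == "__main__":
    # "COMMIT-PLACEHOLDER" marks where a real commit id would go.
    record = build_evidence(SAMPLE_ARTIFACTS, SAMPLE_TOOLS, "build-42", "COMMIT-PLACEHOLDER")
    print(json.dumps(record, indent=2))
    print("clean check:", verify_evidence(record, SAMPLE_ARTIFACTS, SAMPLE_TOOLS))
    tampered_tools = dict(SAMPLE_TOOLS, **{"/usr/local/bin/compiler": b"modified binary"})
    print("after tool change:", verify_evidence(record, SAMPLE_ARTIFACTS, tampered_tools))
```

In practice the record would be produced inside the build job, stored with the build's other attestations, and checked again before release or deployment; the check reports both digest mismatches and files that were never recorded, since an unrecorded tool in the toolchain is as much a gap in the evidence as a changed one.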