SecObserve+
Automated workflow for software supply chain management
The SecObserve+ project integrates three established tools, SecObserve, ScanCode, and VulnerableCode, to improve visibility and security across software supply chains. SecObserve orchestrates an automated workflow in which ScanCode performs deep codebase analysis to identify dependencies, licenses, and copyrights, while VulnerableCode provides direct access to a FOSS vulnerability database, removing the need for intermediary scanners. The project aims to significantly reduce vulnerability detection time and to strengthen SecObserve's Software Composition Analysis capabilities, contributing to a more secure and transparent open source ecosystem.
- The project's own website: https://secobserve.github.io/SecObserve/
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).