OPSWAT MetaDefender Software Supply Chain

OPSWAT MetaDefender Software Supply Chain is a security solution designed to protect the software development lifecycle from supply chain threats. The product addresses risks associated with third-party code, open-source dependencies, and container images. The solution generates Software Bill of Materials (SBOM) for third-party components, providing visibility into software dependencies and packages. It exports SBOM data in CycloneDX and SPDX formats to support compliance requirements including SOC2 and ISO 27001. For container security, the product assesses malware, vulnerabilities, and risks across all layers of container images. It uses multiscanning technology with 30+ antivirus engines to detect malware in source code, build artifacts, and containers. The product includes Proactive DLP functionality to identify hard-coded secrets, credentials, passwords, tokens, and API keys embedded in source code and containers. Automated vulnerability scanning integrates into the SDLC to identify and assess risks in third-party components. MetaDefender Software Supply Chain integrates with source code repositories and container registries. It supports flexible workflows that allow developers to schedule scans or trigger actions based on their development processes. The solution offers standalone and per-user licensing options.