Ion Channel

Software Supply Chain Risk Management


Your Source for Software Supply Chain Security

Software supply chains are a blind spot for many organizations: weaknesses can come from any component in your software supply chain, and threat actors know this.

Ion Channel brings a holistic view of software risk to:

  • Minimize surprise from open source software components and reject fragile code with dubious pedigree and provenance.
  • Illuminate unacceptable supply chain attack surface and concentration risk.
  • Analyze and prioritize leading risk indicators in Software Bills of Materials (SBOMs).
  • Generate, analyze and monitor SBOMs if all you have is legacy FLOSS lists or spreadsheets from assurance packages.
  • Get authoritative software names and identities from inventories with incorrect or incomplete data, or low quality SBOMs with minimal (or sub-minimal) data.
  • Understand when vulnerability remediation would require overwhelming resource commitment.
  • Understand which vendors are likely unable to remediate known vulnerabilities in their product, and which vendors are well-positioned to update and secure their products in a timely fashion.

How it Works


The 1Exiger platform continuously ingests software supply chain data to identify where software dependencies show:

  • Changes to open source components, maintenance and compliance history.
  • Leading indicators of risk in the absence of known vulnerabilities.
  • Supplier risks that software scanners don’t detect, like change-of-control.


As software is delivered by vendors, contractors or in-house developers, our secure platform:

  • Ingests and builds an SBOM.
  • Analyzes all transitive dependencies, maps supplier risk metrics, and automates pass/fail security rules.
  • Maintains continuous monitoring on all components and SBOMs.
  • Provides scheduled and event-driven updates in assurance data to trigger contractual and security workflows.
  • Differentiates security-aware and security-responsive suppliers based on vulnerabilities, cyber hygiene, technical debt, supply chain fragility and mean-time-to-remediation.
  • Automates gating functions based on risk criteria to verify and enforce customer terms and conditions and safeguard software.