Journal of Information Security Research (信息安全研究) ›› 2021, Vol. 7 ›› Issue (E1): 78-.

• Outstanding Papers •

Xmirror Xcheck OSS Open Source Threat Management Platform

Liu Yihe (刘一赫); Ziya (子芽); Dong Yi (董毅)

  1. (Beijing Anpro Information Technology Co., Ltd., Beijing 100089)
  • Online: 2022-04-20 Published: 2022-04-20
  • Corresponding author: Liu Yihe, engineer. Main research interests: DevSecOps implementation practice and technology. liuyh@anprotech.com
  • About the authors: Liu Yihe, engineer; main research interests: DevSecOps implementation practice and technology; liuyh@anprotech.com. Ziya, M.Sc., senior engineer; main research interests: intelligent offensive and defensive technology; ziya@anprotech.com. Dong Yi, M.Sc., senior engineer; main research interests: DevSecOps implementation solutions; dongyi@anprotech.com.

Xcheck Open Source Security Platform


Abstract (Chinese version): Xmirror's Xcheck OSS open source threat management platform is built on multi-source SCA technology for detecting security defects in open source applications. Combined with Xmirror's proprietary application probe, it accurately identifies the open source third-party components that developers have deliberately or improperly introduced during application development; through its application composition analysis engine it extracts component features along multiple dimensions, computes component fingerprint information, and mines the various security vulnerabilities and open source license risks hidden in those components. Compared with traditional SCA detection platforms, Xcheck OSS places more emphasis on the third-party components and dependency relationships that are dynamically loaded while the application system actually runs, and on that basis carries out deeper and more effective threat analysis. At the same time, Xcheck OSS uses an intelligent data collection engine to obtain open source components and their related vulnerability information worldwide in a timely manner, reducing the security risk introduced by open source components and safeguarding software security.


Keywords (Chinese version): SCA, OSS, open source threat governance, open source component scanning, license compliance analysis

Abstract: The Xcheck open source security platform is an open source application security defect detection technology based on multi-source SCA. Combined with the unique application probe of Xmirror Security, it accurately identifies the open source third-party components intentionally or improperly referenced by software developers during application development, extracts the characteristics of open source components and calculates component fingerprint information through the application composition analysis engine, and deeply mines the various security vulnerabilities and open source license risks hidden in those components. Compared with a traditional SCA detection platform, Xcheck OSS focuses more on the third-party components and dependencies dynamically loaded during the actual operation of the application system, and carries out in-depth and more effective threat analysis on that basis. At the same time, Xcheck OSS obtains open source component information and related vulnerability information worldwide in a timely manner through its intelligent data collection engine, reducing the security risks brought by open source components and ensuring software security.
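As an added illustration of the declared-versus-runtime reconciliation the abstract describes (example code written for this page, not Xcheck's own implementation), the following Python compares a build manifest with the components an in-process probe observed being loaded, fingerprints each component, and enriches it from an advisory and license feed. The two inventories, the feed contents and the advisory id are constructed placeholders.

```python
import hashlib

# Constructed sample inventories (placeholders, not data from the paper).
# What the build manifest declares: all a manifest-only SCA scan would see.
DECLARED = {"requests": "2.25.1", "urllib3": "1.26.4"}
# What an in-process probe observed actually being loaded at runtime.
RUNTIME = {"requests": "2.25.1", "urllib3": "1.26.5", "chardet": "3.0.4"}
# Constructed advisory/license feed, keyed by component fingerprint.
FEED = {}


def fingerprint(ecosystem, name, version):
    """Stable component fingerprint: SHA-256 over normalised coordinates."""
    coord = f"{ecosystem.lower()}:{name.lower()}@{version}"
    return hashlib.sha256(coord.encode()).hexdigest()


def register(feed, ecosystem, name, version, license_id, advisories):
    """Add one feed entry (a real feed would be fetched, not hand-built)."""
    key = fingerprint(ecosystem, name, version)
    feed[key] = {"license": license_id, "advisories": list(advisories)}


register(FEED, "pypi", "requests", "2.25.1", "Apache-2.0", [])
register(FEED, "pypi", "urllib3", "1.26.5", "MIT", ["ADV-PLACEHOLDER-1"])
register(FEED, "pypi", "chardet", "3.0.4", "LGPL-2.1", [])


def analyze(declared, runtime, feed, ecosystem="pypi",
            banned=("LGPL-2.1", "GPL-3.0")):
    """Reconcile runtime-loaded components against the manifest and the feed.

    Returns the findings a reviewer acts on: components loaded but never
    declared, declared versions that drifted at runtime, components with
    open advisories, components under a policy-banned license, and
    components the feed does not know (so they cannot be cleared)."""
    findings = {"undeclared": [], "version_drift": [], "vulnerable": [],
                "license_risk": [], "unknown": []}
    for name, version in sorted(runtime.items()):
        if name not in declared:
            findings["undeclared"].append(name)
        elif declared[name] != version:
            findings["version_drift"].append((name, declared[name], version))
        entry = feed.get(fingerprint(ecosystem, name, version))
        if entry is None:
            findings["unknown"].append(name)
            continue
        if entry["advisories"]:
            findings["vulnerable"].append((name, version, entry["advisories"]))
        if entry["license"] in banned:
            findings["license_risk"].append((name, entry["license"]))
    return findings
```

Running `analyze(DECLARED, RUNTIME, FEED)` on the constructed data flags chardet as undeclared and license-restricted and urllib3 as drifted from its declared version onto a release with an open advisory, which is exactly what a manifest-only scan of DECLARED would miss.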


Key words: SCA, OSS, open source threat governance, open source component scanning, license compliance analysis