Feature Preview

Check out what we’re developing
Ask about joining our Early Access program
Feature Preview

Managing software security for modern applications is an act of balancing feature development and the ever-evolving threats landscape. Application security is an integral part of the software development lifecycle, and often the primary driver for a software update. Monitoring software security quality and enforcing best practices during development eliminates the “mad scramble dash” at the end of a release cycle.

We’re making this vision of integrated software security development a reality through our feature-driven development. Here’s a sneak preview for some of the features we’re working on.

Approved Software Releases

Approved Software Releases - See it at RSA 2023

  • saas-released
  • security
  • operations
  • behaviors
  • tampering
  • review
  • enforcement

Releasing software updates in the age of supply chain attacks is a stress inducing venture. Modern software stacks have become extremely complex, and increasingly dependent on a multitude of third-party libraries. Protecting the software integrity is now a challenge of managing security of a build system, and all of the code it uses to produce your software artifacts.

With approved software releases application security teams get a final stamp of approval before a package gets out the door. Automated package diffing not only highlights changes between subsequent versions, but also provides insight into code behaviors. Spotting a newly added unknown component, or finding an old one that suddenly has new code, or a digital signature failing to validate are just some examples of rules used to protect the supply chain integrity. Automatically approve releases that comply with set policies, and have a second pair of eyes on anything that looks odd.

Fine-grained Policy Controls

Fine-grained Policy Controls checked-package

  • cli-released
  • devsecops
  • configuration
  • suppression
  • enforcement

While some security quality issues are less important, as their overall impact is negligible, others may be their complete opposite. Sometimes you explicitly want to fail the build if the critical vulnerability hasn’t yet been resolved, or you’ve forgotten to enable a security mitigation, or if someone added networking functionality to a component that’s never meant to have it.

With fine-grained policy controls all this becomes easy. Each software component, in-house developed or from a third-party, can have a set of enforced do’s and don’ts. You can even create custom content matching rules that prevent secrets from being leaked. Application security and software development teams can use this feature to move security posture in the right direction. Both having their voices heard, working together to improve the user experience.


Software Inventory Monitoring

Software Inventory Monitoring checked-package

  • cli-released
  • devsecops
  • security
  • sbom
  • inventory
  • auditing
  • search

Remember when you and your team had to do a mad scramble over the weekend to figure out if, and where, you’re using log4j? That wasn’t fun for anyone, and as things stand it is more than likely something similar will happen again. And very likely a few more times after that as well.

With software inventory monitoring application security and development teams get to reclaim their weekend. Deep software package inspection recursively extracts hundreds of supported formats to find all embedded and referenced dependencies. It doesn’t matter if you’re developing a web app that uses Django and React, or if you’re writing a server app that’s written in C++ or Java. All these components and their dependencies are listed in the Software Bill of Materials. Even better, there’s a simple search over all of your packages to answer that dreaded question: Hey, are we vulnerable to that log4shell thing the internet is buzzing about?

Ask about joining our Early Access program

Any statement on this page that is not purely historical is considered a forward-looking statement. Forward-looking statements included on this page are based on information available to ReversingLabs as of the date they are made, and ReversingLabs assumes no obligation to update any forward-looking statements. The forward-looking Feature Previews do not represent a commitment, guarantee, obligation or promise to deliver any product or feature, or to deliver any product and feature by any particular date, and is intended to outline the general development plans. Customers should not rely on this roadmap to make any purchasing decision.