We’ve all heard the stories about software products that had to be pulled from the market right before they ship. Or the undiscovered software security vulnerability (remember Heartbleed?) that put millions of software users at risk. If you’re using InstallShield® or InstallAnywhere® to build your installations, you can help prevent this from happening to one of your products by adding FlexNet® Code Aware™ into your build process.
Designed for software developers, FlexNet Code Aware is an automated open source risk assessment and package discovery solution that enables you to quickly scan your products for security and intellectual property (IP) compliance risk. By seamlessly integrating with InstallShield and InstallAnywhere, FlexNet Code Aware helps expose and assess intellectual property and security vulnerability risks before your product releases.
Benefits to Your Organization:
-- Help developers expose and assess IP and vulnerability risks at the build stage, before product ships.
-- Set the foundation for a vulnerability-free build while ensuring a smooth, error-free installation.
-- Quickly scan and discover open source software and thirdparty packages in your build.
-- Determine your product’s level of operational risk and receive guidance for remediation.
FlexNet Code Aware is an automated open source risk assessment and package discovery solution that enables software developers to quickly scan their products for security and intellectual property (IP) compliance risk. By seamlessly integrating with InstallShield or InstallAnywhere, FlexNet Code Aware becomes a standard part of the build process, helping developers expose and assess IP and security vulnerability risks before the product ships. This powerful combined solution sets the foundation for a vulnerability-free build while ensuring a smooth, error-free installation.
Overview of FlexNet Code Aware.
We’ve all heard the stories – the software products that had to be pulled from the market. Or the undiscovered security vulnerability (remember Heartbleed?) that put millions of software users at risk. Don’t let this happen to one of your products. More than 50 percent of the code found in most commercial software packages is open source, and most organizations typically know less than 10% of what is actually used. Make FlexNet Code Aware a standard part of your build process to ensure you are delivering a professional, consistent and security vulnerability-free software installation experience every time you ship your product.
Identify risks before you ship
With the integration to InstallShield and InstallAnywhere, open source risk assessment becomes part of your build process to automatically expose and assess vulnerability risks.
Fast and simple to run
Within minutes, you will receive an assessment of your operational risk along with a bill of materials of your open source and third-party packages allowing you to identify critical security vulnerabilities and IP compliance risks.
Flexnet Code-Aware Features
Perform Fast Automated Scans of Your Products
Quickly scan your product every time you run a build, and FlexNet Code Aware will automatically discover your use of open source and third-party packages, and calculate your overall operational risk. Since FlexNet Code Aware is integrated with InstallShield or InstallAnywhere, you can be aware of potential open source software security and license compliance issues before your product ships ensuring a vulnerability-free build and error-free installation.
Quickly Identify Open Source and Third-Party Packages
Scanning is simple. Just run a scan from your InstallShield or InstallAnywhere project, and FlexNet Code Aware will quickly identify the open source and third-party packages in your product.
Assess Your Level of Operational Risk
After you run your scan, you are quickly provided with leading operational risk indicators such as the number of open source packages identified with security vulnerabilities, intellectual property (IP) license compliance issues and copyright statements to determine your product’s level of operational risk and receive guidance for remediation.
Identify Security and License Issues with the Package Inventory Report
The Package Inventory Report provides an analysis of your open source and third-party packages and dependencies. It organizes results by severity of security vulnerabilities as well as priority of detected licenses. The filter panel at the top of the report allows you to perform targeted queries to filter the list to packages of interest.
FlexNet Code Aware is an automated Risk Assessment and Package Discovery solution. Given the nature of the analysis it performs, there may be cases of false positive and/or false negative results.
This release supports analysis of the following files:
-- Java Packages
-- Node Packages
-- Nuget Packages
-- PHP Packages
-- RPM Packages
-- Ruby Packages
-- EXE & DLL Files
Security vulnerabilities are looked up against the National Vulnerability Database (NVD).
FlexNet Code Aware is an add-on to InstallShield 2016 SP2 or higher, or InstallAnywhere 2017 or higher. System requirements are identical to those for InstallShield or InstallAnywhere.
JRE8 is required for the FlexNet Code Aware scan.
As part of this report, Flexera Software provides information to help customers make decisions regarding interpreting and responding to the terms of various open source licenses. This information is not equivalent to legal advice. While Flexera Software seeks to provide information that is accurate and useful, we recommend you consult a lawyer for legal advice.
INFORMATION IS PROVIDED ON AN AS IS BASIS AND FLEXERA SOFTWARE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO SUCH INFORMATION.