Software binary analysis (SBA) features
DigiCert® Software Trust Manager's threat detection services allow you to scan open-source components in your development workflow to help your team automatically track, manage, and remediate licensing issues and vulnerabilities before releasing your software.
SBA scans via threat detection services are a security tool used to analyze the compiled binary code of an application or system without executing it.
SBA is also known as a binary analysis or binary code analysis.
Currently, there are two types of service tiers, a free service (named Software Assurance Service) and a paid service (named Supply Chain Compromise Risk Assessment Service).
At a high level, if you run a scan under the free service, then that scan data will be purged after 7 days. Even if you upgrade your service within 7 days, scan data that ran under the free service will be purged after 7 days.
To retain scan data, you must upgrade your service, and then execute a scan.
Service tiers
Review the following table to understand the differences between SBA service tiers.
注記
The Supply Chain Compromise Risk Assessment Service tier contains all features from the Software Assurance Service tier, as well as additional features.
Feature | Software Assurance Service (free tier) | Supply Chain Compromise Risk Assessment Service (paid tier) |
---|---|---|
CLI version compatibility | Limited to CLI versions above 1.52.0.
Scans cannot exceed 5GB per month | Compatible with all CLI versions without requiring an upgrade. Scan limits are license based |
Scan report details | Lists all deployment risks, along with priority and description Lists CVEs, along with severity and score Other scan details are masked. | Lists all deployment risks, along with priority and description
Lists CVEs, along with severity and score
No data masking; full scan details are provided. |
Report generation | Does not generate reports | Generates the following report types:
|
Health check | Displays enabled/disabled state for threat detection.
| Displays enabled/disabled state for threat detection.
|
CLI response | Displays pass, fail, or warning, as well as the number of violations for the following risk categories:
| Detailed output of malware, vulnerabilities, and suspicious behaviors if the --threat-summary flag is added.
|
Data retention | Data (reports and scan data) cannot be stored in the local system. | To enable this functionality, add following flags while scanning:
Data (reports and scan data) is stored in the local system. |
Processing | May take up to 20 minutes to display | Available immediately |
Purge policy | Scan data purged after 7 days | Scan data does not get purged |