Checkmarx has announced the acquisition of Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open source software supply chains, for an undisclosed sum. Through this acquisition, Checkmarx will combine its application security testing (AST) capabilities with Dustico’s behavioral analysis technology to give customers a unified view into the risk, reputation, and behavior of open source packages, resulting in a more comprehensive approach to preventing supply chain attacks.
Dustico’s technology is built to go beyond traditional source code vulnerability analysis and look at the behavior and reputation of open source packages via a three-pronged approach.
First, the solution factors in trust, providing visibility into the credibility of package providers and individual contributors in the open source community. Second, the health of packages is examined to determine their update cadence and level of maintenance. Finally, Dustico’s advanced behavioral analysis engine inspects packages and looks for malicious attacks hiding within including backdoors, ransomware, multi-stage attacks, and trojans.
This insight, coupled with vulnerability results from Checkmarx’s AST solutions, gives organizations and developers a more holistic, unified, and effective approach for managing the risks associated with open source and the supply chains dependent on them.
Additional key features of Dustico include: Advanced machine learning and threat intelligence; ahead-of-time analysis and also developer-first approach.