
New Coveros secure software supply chain management service powered by the Tidelift Subscription

by Matt Rollender
on November 7, 2022


It is great to be back in Orlando, FL this week at the Agile + DevOps East Conference! We’re also pleased to share that we are now partnering with Coveros on their new secure software supply chain management service, powered by the Tidelift Subscription.

Open source is an amazing resource and it is nearly impossible for organizations to build applications in 2022 without using it extensively. Today over 90% of modern applications contain open source components and in these applications, open source typically makes up over 70% of the code base. While this widespread use of open source makes developers more productive and accelerates development and deployment, it also comes with hidden costs related to keeping it secure and well maintained.

A key strategy to safe and secure application development is ensuring the open source components in your software supply chain are as secure, healthy, and well maintained as possible. The new Coveros software supply chain management service does just that, by combining people and software. There are 3 main components to the service:

  • Assess. Assess current software supply chain artifacts, governance, and management.

  • Understand. Generate dynamic software bills of materials (SBOMs) to understand the risk associated with open source usage, including dependency and vulnerability assessments.

  • Remediate. Establish proactive and on-going dependency management and remediation for secure consumption of open source components in your software supply chain.

Want to learn more about Tidelift and its partnership with Coveros? Stop by our orange booth at the Agile + DevOps conference in Orlando this week! Larry Copeland, solutions architecture lead, will be giving a presentation, Connecting the Dots: A Dive Through the Layers of Your Open Source Supply Chain, on Wednesday, Nov. 9 at 3 p.m. He'll be exploring the relationship between open-source libraries commonly used together in modern open-source applications and what you need to make sure you’re aware of before you deploy your next build. You won't want to miss it!

See you in Orlando!
