No more typing reviews! Try our Samantha, our new voice AI agent.

ZvikaRonen

  • Chief Technology Officer at FOSSAware
  • Has 10+ Years Of Experience
Badges
130 Points5 YearsTop 10
User Activity
Almost 2 years ago
Answered a question: What SCA solution do you recommend?
My recommendation is tool selection process Selecting a suitable Software Composition Analysis (SCA) tool is crucial for managing risk in software development.  Here are some key considerations to help you make an informed choice: 1. **Evaluate Your Needs and Priorities**:…
Almost 2 years ago
Answered a question: Is there an SCA solution that finds and fixes vulnerabilities?
Software Composition Analysis (SCA) tools play a crucial role in managing open-source components within your applications. These tools help track vulnerabilities and provide guidance on how to address them. However, the approach to handling vulnerabilities can vary…
Almost 2 years ago
Answered a question: Can I get SCA in my IDE?
Certainly! Here’s a rephrased version of your statement Software Composition Analysis (SCA) tools can indeed integrate with developer Integrated Development Environments (IDEs) to enhance security during the software development lifecycle. When selecting an SCA tool, it’s…
Almost 2 years ago
Answered a question: How long does SCA scanning take?
The duration of an SCA scan can vary significantly based on factors like codebase size, the number of dependencies, and the efficiency of the chosen tool. It can range from seconds to hours or even days (while seeking for snippet matching). For more accurate estimates…
Almost 2 years ago
Answered a question: Why is Software Composition Analysis (SCA) important for companies?
Software Composition Analysis (SCA) is crucial for companies due to several reasons Risk Mitigation: SCA helps companies identify and manage risks associated with third-party software components. By analyzing open-source libraries and dependencies, SCA tools can detect…
About 3 years ago
Answered a question: What is the best way to track open-source license compatibility?
Open Source licenses require management and not just tracking.   xGPL license is the 3rd most popular license in use. Alerting or blocking all xGPL licenses will be hard to manage and very costly to avoid/replace The best way is to implement an Open Source management…
Almost 4 years ago
Contributed a review of Snyk: Useful software composition analysis, highly scalable, and good support
Almost 4 years ago
Contributed a review of Mend.io: It has good dashboard and management views, and it is helpful for early fixing and post-production management
About 4 years ago
Answered a question: What is an Application Security Posture Management (ASPM)?
I'd like to add to the previous comment the SCA (software composition analysis) perspective.  Today each organization use open source components in multiple ways (at its infrastructure, 3rd party tools, as building blocks in its software development) there is no "Open Source…
Over 4 years ago
Asked a question: Developer sabotaged his own popular open-source libraries - WDYT?
Over 4 years ago
Answered a question: How to use Software Bill Of Materials (SBOM) to protect the supply chain from cyberattacks?
It depends, if the organization creates its software, then SBOM shell be used to monitor new vulnerabilities in order to fix on time and alert the customers If the organization is only using the software (supply chain) they should ask, for their critical software, the…
Over 4 years ago
Answered a question: What are your top DevOps and DevSecOps predictions for 2022?
My prediction is that company will adopt SCA tools into their CI/CD to manage open-source related risks.  The log4j vulnerability pulled the open-source vulnerability awareness trigger for software consumers and the lack of management by the software creators. All software…
Projects
Over 5 years ago
Open source SW composition analysis
Open source SW composition analysis
Experience
Reviews
Snyk Logo
Almost 4 years ago
Snyk
Useful software composition analysis, highly scalable, and good support
Mend.io Logo
Almost 4 years ago
Mend.io
It has good dashboard and management views, and it is helpful for early fixing and post-production management
Questions
Answers
Almost 2 years ago
Software Composition Analysis (SCA)
What SCA solution do you recommend?
Almost 2 years ago
Software Composition Analysis (SCA)
Is there an SCA solution that finds and fixes vulnerabilities?
Almost 2 years ago
Software Composition Analysis (SCA)
Can I get SCA in my IDE?
Almost 2 years ago
Software Composition Analysis (SCA)
How long does SCA scanning take?
Almost 2 years ago
Software Composition Analysis (SCA)
Why is Software Composition Analysis (SCA) important for companies?
About 3 years ago
Software Composition Analysis (SCA)
What is the best way to track open-source license compatibility?
About 4 years ago
Application Security Tools
What is an Application Security Posture Management (ASPM)?
Over 4 years ago
Supply Chain Management Software
How to use Software Bill Of Materials (SBOM) to protect the supply chain from cyberattacks?
Over 4 years ago
Agile and DevOps Services
What are your top DevOps and DevSecOps predictions for 2022?
About me

Co - Founder | Open Source Risk Management | Open Source Licensing | Open Source Due Diligence | OpenChain partner | ISO5230

Interesting Projects and Accomplishments
Over 5 years ago
Open source SW composition analysis