Microsoft integrates source-code analysis into its cloud security suite
Endor Labs Inc. said Microsoft Corp. has natively integrated its software composition analysis (SCA) technology into Microsoft Defender for Cloud, Microsoft's cloud-native application protection platform (CNAPP). That means security teams can consolidate their application security and cloud security programs into a single platform and unified dashboard that spans all stages of the software development and deployment cycle.
SCA is the process of identifying and managing the open-source components and dependencies within a software application. It analyzes the application's codebase and build manifests to detect the third-party libraries, frameworks and open-source components it pulls in, so that known vulnerabilities in those components can be tracked.
A CNAPP protects cloud-native applications by addressing their distinctive building blocks, such as software containers, the Kubernetes container orchestrator, serverless functions and microservices.
Endor Labs said the native integration lets teams correlate SCA findings with runtime alerts to view code-to-runtime attack paths. In practice, that means an exploitable vulnerability in an open-source dependency can be traced to the cloud workloads where that dependency is actually deployed and to the exposure of those workloads, which allows remediation to be targeted at the findings that matter.
Tracing vulnerabilities from code to runtime can also surface hard-to-find combinations, such as a reachable vulnerability in an open-source package running on an internet-reachable cloud workload. Defender for Cloud users can see the full attack path, from the committed code to the runtime workload in the cloud.
Endor Labs research found that only 9.5% of vulnerabilities are exploitable in a given application context, yet teams still struggle to identify which ones those are, because the risk is rarely documented: only 2% of public advisories state which library functions are affected, the company reported.
With the Defender for Cloud integration, security teams get function-level reachability analysis for each vulnerability and can see whether a function-level reachable vulnerability is present in a running application. A "reachable" finding indicates there is an attack path from the developer's own code, through the open-source dependency tree, to the vulnerable library function.
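The reachability check and the code-to-runtime correlation described above, as an added example that is not Endor Labs' or Microsoft's code: it hand-builds a small call graph (a real SCA tool derives this from the codebase), marks the functions named in two constructed advisories, walks from the application's entry point to see which vulnerable function is actually called, and then joins the result with a constructed runtime inventory so that an internet-exposed workload ranks first. Every package, function, advisory and workload name here is hypothetical.

```python
"""Toy function-level reachability plus code-to-runtime correlation.

Added illustration, not Endor Labs' or Microsoft's code. The call graph,
advisories and runtime inventory are all constructed by hand for the example.
"""
from collections import deque

# Constructed call graph: caller -> callees. "app.*" is first-party code;
# "imglib.*" and "log.*" stand in for open-source dependency code.
CALL_GRAPH = {
    "app.main": ["app.handle_upload", "app.health"],
    "app.handle_upload": ["imglib.decode", "log.write"],
    "app.health": ["log.write"],
    "imglib.decode": ["imglib.parse_header", "imglib.parse_exif"],
    "imglib.parse_header": [],
    "imglib.parse_exif": ["imglib.read_tag"],
    "imglib.read_tag": [],
    "imglib.resize": ["imglib.alloc"],  # shipped in the package, never called by the app
    "imglib.alloc": [],
    "log.write": [],
}

# Constructed advisories that name their vulnerable functions (the ideal case;
# the article notes that only 2% of public advisories actually do this).
ADVISORIES = {
    "ADV-0001": {"package": "imglib", "functions": {"imglib.read_tag"}},
    "ADV-0002": {"package": "imglib", "functions": {"imglib.alloc"}},
}

ENTRY_POINTS = ["app.main"]

# Constructed runtime inventory: which workloads run which packages, and
# whether each workload is reachable from the internet.
WORKLOADS = [
    {"name": "upload-api", "packages": {"imglib", "log"}, "internet_exposed": True},
    {"name": "batch-worker", "packages": {"imglib"}, "internet_exposed": False},
]


def find_path(graph, start, targets):
    """Breadth-first search from start; return the first call chain that
    ends in one of the target functions, or None if none is reachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        fn = queue.popleft()
        if fn in targets:
            chain = []
            while fn is not None:
                chain.append(fn)
                fn = parent[fn]
            return chain[::-1]
        for callee in graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return None


def reachable_advisories(graph, entry_points, advisories):
    """Map each advisory whose vulnerable function is reachable from any
    entry point to the call chain that reaches it. Unreachable ones are omitted."""
    reachable = {}
    for adv_id, adv in advisories.items():
        for entry in entry_points:
            chain = find_path(graph, entry, adv["functions"])
            if chain:
                reachable[adv_id] = chain
                break
    return reachable


def attack_paths(graph, entry_points, advisories, workloads):
    """Join reachable findings with the runtime inventory and rank the
    internet-exposed workloads first, giving a code-to-runtime attack path."""
    reachable = reachable_advisories(graph, entry_points, advisories)
    paths = []
    for adv_id, chain in reachable.items():
        package = advisories[adv_id]["package"]
        for workload in workloads:
            if package in workload["packages"]:
                paths.append({
                    "advisory": adv_id,
                    "workload": workload["name"],
                    "internet_exposed": workload["internet_exposed"],
                    "call_chain": chain,
                })
    paths.sort(key=lambda p: not p["internet_exposed"])
    return paths


if __name__ == "__main__":
    for path in attack_paths(CALL_GRAPH, ENTRY_POINTS, ADVISORIES, WORKLOADS):
        exposure = "INTERNET-EXPOSED" if path["internet_exposed"] else "internal"
        print(f"{path['advisory']} on {path['workload']} ({exposure}): "
              + " -> ".join(path["call_chain"]))
```

ADV-0002 is dropped even though the vulnerable package is installed on both workloads, because nothing in the application ever calls `imglib.resize`; ADV-0001 survives and is reported on the internet-exposed `upload-api` ahead of the internal `batch-worker`. A real tool has to handle dynamic dispatch, reflection and language-specific call edges that a hand-written graph glosses over, which is where most of the engineering effort in reachability analysis goes.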
The Defender for Cloud integration is currently in public preview and will be available through the Azure Marketplace.