抱歉，尚不支持此语言

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Device | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

CISA的六种SBOM指南

软件物料清单(SBOM)是对构成软件应用的组件的详细清单。SBOM可以帮助您了解软件的依赖关系、许可证合规、以及安全和质量风险。同时，SBOM也可以让您看到软件供应链的具体情况，现已成为保护软件供应链安全的一项常见的重要措施。

但是，没有任何两个SBOM是相同的，网络安全基础设施安全局(CISA)根据软件开发生命周期的不同阶段，定义了六种SBOM类型，以帮助企业了解其软件构成情况。

通过阅读本指南，您将了解到CISA定义的各类SBOM所包含的组件，以帮助您确定哪种类型最适合您。

下载本指南，以了解：

下载电子书