
Rapid Growth in Open Source Adoption Intensifies Security and Compliance Risks
Challenges in Using Open Source Software
Pervasive Vulnerabilities & Inefficient Positioning
84% of codebases contain at least 1 vulnerability; 74% contain high-risk vulnerabilities; vulnerability positioning remains time-consuming
(Source: OSSRA 2024)
Delayed Open Source Governance System Development
Insufficient corporate investment in open source governance strategy and human resources leads to weak lifecycle control and inadequate compliance review mechanisms.
Emerging Security Challenges in the AIGC Era
While accelerating innovation, AIGC technologies (e.g., LLMs) expose enterprises to potential open source vulnerabilities and license compliance risks.
CleanSource SCA
Empower Your Business with Comprehensive SBOM & Security Management
Our platform enables enterprises to rapidly build accurate and comprehensive Software Bills of Materials (SBOM). We provide:
Advanced Detection: Multiple cutting-edge detection techniques.
Extensive Knowledge: A comprehensive vulnerability database.
Flexible Deployment: Options to suit your infrastructure.
Core Advantages
Component Identification
Broad Language Support: Comprehensive analysis for 604 languages and all major frameworks
Deep, Multi-Layer Scanning: Detects components, dependencies, code snippets, and binaries using patented algorithms
Unrivaled Speed & Accuracy: Optimized scanning that completes in about 40 minutes for projects as vast as the Linux kernel
Knowledge Base
Massive Knowledge Base: Scales to 320M+ components, 270K+ vulnerabilities, and 4K+ licenses continuously updated from 200+ sources
Unmatched Vulnerability Intelligence: Correlates data from NVD, CNVD, CNNVD; Our exclusive CAAS system provides a 30-day head start on zero-day threats
Extreme Data Efficiency: Proprietary technology compresses petabytes of data into a highly operational 10-20TB knowledge base
License Compliance
License Analysis: Identifies license risk levels, compatibility issues, tampering alerts, and policy violations with 98%+ accuracy
License Obligation Tracking: Interprets license rights, obligations, and restrictions; Supports editing of license types within SBOM.
Component-Level Guidance: Provides clear, actionable OSS license guidance for both developers and management
Integration & Performance
Integration Capabilities: Supports CLI, API, Jenkins plugin and more; Enables code review within internal platforms via API; Compatible with LDAP and code repositories
Scanning Performance: Scans up to 7GB of code/hour with snippet scanning enabled; Efficiently handles ultra-large projects exceeding 5GB
Flexible Deployment
Flexible Deployment: SaaS, On-Premises, and Hybrid deployment
On-Premises Configuration Recommendations
SCA Server: 64-core CPU, 256GB RAM, 2TB NVMe SSD (<50G parallel scan)
Knowledge Base Server: 64-core CPU, 256GB RAM, 20TB NVMe SSD
All-in-One Server: 64-core CPU, 512GB RAM, 25TB NVMe SSD
Contact: alyadvisory
Tel: +601154458508
E-mail: CindyLai@alyadvisory.com
Add: 1-23-06, Menara Bangkok Bank, Laman Sentral Berjaya, 105 Jalan Ampang, 50400 Kuala Lumpur.