CAST Highlight is an effective alternative or complement to traditional SCA products. Operational in weeks. At much lower cost. The preferred "control tower" for open source.
See for yourself.
Download a sample report from the software composition analysis (SCA) of 17 applications, spelling out licensing and IP risks, security vulnerabilities, and recommended actions.
Plugs directly into code repositories. Aggregates findings across all applications into intuitive dashboards. Legal and security experts can monitor risks without relying on developers.
Prioritizes which risks to address first, based on the business impact of each application. Guides legal, security, and software experts in choosing alternative, safer-to-use components.
Automatically analyzes the source code of popular open-source components, so it can spot weaknesses months before traditional SCA products can.
Automatically detect all open source frameworks and third-party components using a proprietary knowledge base of 100 million+ components. Use the unique Open Source Safety score to prioritize remediation efforts across entire portfolios and focus on the most business-critical applications first.
Automatically generate SBOMs, or import existing ones, including an inventory of all OSS components used within the codebase along with their licenses, versions, and security vulnerabilities. Export SBOMs in formats including the CycloneDX industry standard, Word, Excel, PPT, and XML, or retrieve them through the REST API.
Rapidly prioritize applications with open source and third-party component risks across your application portfolio, and get automated recommendations on actions to take to reduce vulnerability, license, and operational risks.
Automate governance of proprietary components and frameworks across an application portfolio by identifying, cataloguing, rationalizing, and managing usage of these components that are referenced within applications.
Automatically identify all CVEs that pose security risks at the portfolio and application levels. Receive automated email notifications on new CVEs as soon as they are discovered.
Expand security risk insight coverage by identifying CWEs that represent possible future vulnerabilities that have not yet been reported officially as CVEs. Automatically detect CWEs via CAST’s exclusive Open Source Software Intelligence Database (OSSIDB) and structural code quality technology that analyzes the most popular OSS components.
Detect all licenses in use across components at the portfolio and application levels to identify possible legal issues. Customize the license profile policy to meet specific needs of the organization.
Instantly detect which applications use obsolete or insecure component versions that require upgrades, and get automated recommendations on safer versions to use in which known CVEs have been fixed or reduced.
Detect open source vulnerability and license risks buried in transitive dependencies, the components that your own open source components pull in. Get insights on how to remove these harder-to-find threats.
Shift open source risk management left to address issues earlier in the development cycle. Get open source component information (version, vulnerabilities, license risk, allow/deny status, etc.) directly in the Visual Studio Code IDE.
Get open source component information (vulnerabilities, license risk, allow/deny status, available versions, etc.) directly in Chrome when visiting component repository websites.
CAST Highlight gave us fast results to better manage open source risks across all our applications.
Marilyn Hartnett
VP, Open Source Governance
CAST Highlight helps us to uncover potential risks in terms of the use of open-source components.
Erik Oltmans
Associate Partner