CASE STUDY
Vitrana is a global life sciences and healthcare platform, providing SaaS and on-premises deployment solutions.
By leveraging CAST Highlight’s software composition analysis capability to gain insights into their portfolio composition, Vitrana is now able to centrally control 15 mission-critical applications, manage their software supply chain’s open-source components and dependencies, and reduce OSS vulnerabilities by over two thirds—all without disrupting developers.
With CAST Highlight acting as our portfolio control tower, we’ve significantly enhanced our ability to detect and mitigate security vulnerabilities in real-time, reaffirming our commitment to delivering secure and compliant solutions to clients. This proactive approach gives us greater control to address potential threats swiftly, builds trust with clients, and provides their customers with greater peace of mind.
Jagadish Ramaiah
Vitrana CTO
mission-critical applications centrally controlled
fewer OSS security vulnerabilities
Challenge
Vitrana operates in highly regulated life science domains, where compliance with the requirements of global regulatory authorities is essential; the quality of their software must meet the highest standards, with minimal compliance issues or security vulnerabilities.
Manual due diligence on the open-source components in their portfolio (e.g. identifying security vulnerabilities, license compliance issues, and outdated versions) had proved difficult, so the team recognized the need to adopt an automated software composition analysis solution within their software development lifecycle (SDLC) process.
Solution
CAST Highlight has produced significant actionable portfolio insights, allowing rapid and meticulous open-source component management. Reports are now generated and distributed to all application owners on a weekly basis, while issues are fixed as part of code merge requests, in parallel with the development phase itself.
The SDLC process now takes care of compliance automatically: CAST reports are approved before the build is signed off for QA, and code quality has improved with better control over the incorporation of open-source software components.
Results
By leveraging CAST Highlight’s software composition analysis (SCA) capability to gain insights into their portfolio composition, Vitrana is now able to centrally control 15 mission-critical applications, manage their software supply chain’s open-source components and dependencies, and reduce OSS vulnerabilities by over two thirds—all without disrupting developers.