Cybeats Technologies and CodeSecure, formerly the products division of GrammaTech and provider of application security testing products, announced a technology partnership to help customers proactively monitor and remediate software supply chain security threats.
“The partnership with CodeSecure is a natural one for Cybeats as our two class-leading solutions complement each other, and will allow us to serve our joint customer base in the key market verticals such as industrial control systems, medical device manufacturers, telecom and transportation,” said Bob Lyle, chief revenue officer, Cybeats. “CodeSecure is able to provide a solution to customers that require a leading BSCA tool and the generation of SBOMs, for effortless end to end SBOM propagation from build analysis to ingestion monitoring and sharing the SBOMs.”
According to industry sources, reused code is prevalent in virtually all software products. The research firm Gartner estimates that 40% to 80% of the lines of code in new software projects come from third parties. Most of this external code comes from myriad open-source projects; the remaining proprietary code comes from suppliers that provide little or no transparency into its status or condition, according to Cybeats.
To address these challenges, the CodeSecure CodeSentry software composition analysis platform will provide binary-derived software bill of materials (SBOM) intelligence to Cybeats for automating the detection, prioritization and mitigation of open-source vulnerabilities when source code is not available.
“Together Cybeats Studio and CodeSentry enable customers to detect, manage and remediate security vulnerabilities in open source components to help prevent and better respond to software supply chain attacks like Log4j,” said Andrew Meyer, chief medical officer, CodeSecure. “The integration of CodeSecure and Cybeats provides complete visibility of all known security risks, including actionable insights that reduce business decision time from months to days or even hours, and makes it possible to transition from point in time to continuous SBOM monitoring.”