Sparrow supplied its source code security vulnerability inspection tool, ‘Sparrow SAST,’ to Inorules, a company specializing in digital transformation automation solutions. Inorules establishes a security inspection system with Sparrow SAST to secure product reliability and strengthen software supply chain security.
Inorules is a provider of software product suites for digital transformation. It has customers across various industries such as finance, manufacturing, and distribution. As supply chain attacks exploiting software vulnerabilities increase globally, Inorules adopted Sparrow SAST to ensure the security and integrity of software and provide safe products to its clients.
Sparrow SAST integrates with Inorules’ development environment, including version control tools like Git and SVN, to eliminate potential vulnerabilities from the development stage. The inspection results are also linked to the project management solution (Jira) for continuous management, implementing an automated DevSecOps environment. It is configured so that developers can merge only source code that meets security standards into the version control system, and after development, security personnel perform revalidation of the entire source code, establishing a stepwise security inspection system.
To meet the security vulnerability inspection functions required by Inorules’ clients, Sparrow SAST’s analysis reports are utilized. It verifies code safety and visualizes vulnerability inspection results. Sparrow SAST provides major domestic and international compliances such as the Ministry of the Interior and Safety’s security guide, the Financial Supervisory Service’s electronic financial supervision regulations, and OWASP Top 10. It can diagnose based on necessary security vulnerability standards and produce customized inspection result reports.
Jang Ilsu, CEO of Sparrow, said, "As software supply chains become more complex, vulnerabilities discovered during development and deployment processes must be proactively addressed to prevent supply chain attacks with greater impact." He added, "Inorules is a model case of a software vendor actively utilizing tools to prevent software supply chain attacks."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
