Development of microservice for comparing software composition analysis tool
There is a growing number of open source libraries and it is commonly used within projects today to reduce the workload of software developers. However, the risk that comes with using open source libraries is that vulnerabilities are commonly found within these libraries due to their open source nat...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/138792 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-138792 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1387922020-05-12T10:57:54Z Development of microservice for comparing software composition analysis tool Chua, Benjamin Rui Hern Liu Yang School of Computer Science and Engineering Scantist yangliu@ntu.edu.sg Engineering::Computer science and engineering::Software::Software engineering There is a growing number of open source libraries and it is commonly used within projects today to reduce the workload of software developers. However, the risk that comes with using open source libraries is that vulnerabilities are commonly found within these libraries due to their open source nature. The purpose of Software Composition Analysis (SCA) tools is to address to issue. SCA tools provides a list of dependencies used within the project and any vulnerabilities associated with it. There are currently multiple SCA tools on the market such as Scantist, Snyk, Whitesource and Blackduck all claiming to provide accurate results. This project focused on building a microservice to automate the scanning of repositories across multiple SCA tools on the market. After which projects were scanned and the results were compared to determine the similarity among the results of the Software Composition Analysis tools. The project was split into 3 main portions, obtaining the repository to scan, scanning the repository through the SCA tools and finally obtaining and parsing the results into the desired format. The comparison used repositories that uses specific package managers such RubyGem, NPM and Maven. These projects were scanned using the microservice to obtain the results across the SCA tools. The results were then compared by finding the number of dependencies and vulnerabilities that were similar among the SCA tools’ results. Bachelor of Engineering (Computer Engineering) 2020-05-12T10:57:54Z 2020-05-12T10:57:54Z 2020 Final Year Project (FYP) https://hdl.handle.net/10356/138792 en SCSE19-0325 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Software::Software engineering |
| spellingShingle |
Engineering::Computer science and engineering::Software::Software engineering Chua, Benjamin Rui Hern Development of microservice for comparing software composition analysis tool |
| description |
There is a growing number of open source libraries and it is commonly used within projects today to reduce the workload of software developers. However, the risk that comes with using open source libraries is that vulnerabilities are commonly found within these libraries due to their open source nature. The purpose of Software Composition Analysis (SCA) tools is to address to issue. SCA tools provides a list of dependencies used within the project and any vulnerabilities associated with it. There are currently multiple SCA tools on the market such as Scantist, Snyk, Whitesource and Blackduck all claiming to provide accurate results.
This project focused on building a microservice to automate the scanning of repositories across multiple SCA tools on the market. After which projects were scanned and the results were compared to determine the similarity among the results of the Software Composition Analysis tools. The project was split into 3 main portions, obtaining the repository to scan, scanning the repository through the SCA tools and finally obtaining and parsing the results into the desired format. The comparison used repositories that uses specific package managers such RubyGem, NPM and Maven. These projects were scanned using the microservice to obtain the results across the SCA tools. The results were then compared by finding the number of dependencies and vulnerabilities that were similar among the SCA tools’ results. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Chua, Benjamin Rui Hern |
| format |
Final Year Project |
| author |
Chua, Benjamin Rui Hern |
| author_sort |
Chua, Benjamin Rui Hern |
| title |
Development of microservice for comparing software composition analysis tool |
| title_short |
Development of microservice for comparing software composition analysis tool |
| title_full |
Development of microservice for comparing software composition analysis tool |
| title_fullStr |
Development of microservice for comparing software composition analysis tool |
| title_full_unstemmed |
Development of microservice for comparing software composition analysis tool |
| title_sort |
development of microservice for comparing software composition analysis tool |
| publisher |
Nanyang Technological University |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/138792 |
| _version_ |
1681058929002414080 |