The most frequently found high-risk vulnerability was CVE-2020-11023, an XSS vulnerability affecting outdated versions of jQuery; those outdated versions were still present in a third of the scanned codebases.
The supply chain risk from vulnerabilities that originate from third-party and open-source code can be mitigated by continuously scanning code throughout the software development life cycle, Veracode advises. Enterprises should modernize their operations to ensure updating, testing, and deploying a new version of a custom application is as efficient as possible.
“Software composition analysis (SCA) achieves this by detecting and managing the risks of third-party and open-source software components through an automated process,” Wysopal said. “It generates software bills of materials (SBOM), scans for vulnerabilities, assesses risk, and provides remediation guidance.”
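As an added illustration of the SCA workflow described above (example code, not Veracode's or jQuery's own tooling), the block below builds an inventory from a constructed npm lockfile and matches it against one advisory entry for CVE-2020-11023, assuming jQuery 3.5.0 as the first fixed release and a lockfileVersion 2 layout.

```javascript
// Constructed sample lockfile in npm lockfileVersion 2 "packages" form.
// The nested second jQuery copy is the kind a manual package.json review misses.
const sampleLockfile = {
  lockfileVersion: 2,
  packages: {
    "node_modules/jquery": { version: "3.4.1" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/widget/node_modules/jquery": { version: "1.12.4" },
  },
};

// Advisory feed entry: affected package and the first fixed release.
const advisories = [{ id: "CVE-2020-11023", pkg: "jquery", fixedIn: "3.5.0" }];

// Numeric major.minor.patch compare; pre-release tags are ignored here.
function compareSemver(a, b) {
  const parse = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
    if (!m) throw new Error(`unparseable version: ${v}`);
    return m.slice(1).map(Number);
  };
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// SBOM-like inventory: one entry per installed copy, nested copies included.
function buildInventory(lockfile) {
  const marker = "node_modules/";
  return Object.entries(lockfile.packages)
    .filter(([path]) => path.startsWith(marker))
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      path,
    }));
}

// Match every inventory entry against the advisory feed; a copy is flagged
// when its version sorts below the advisory's first fixed release.
function findVulnerable(inventory, feed) {
  return inventory.flatMap((e) =>
    feed
      .filter((adv) => e.name === adv.pkg && compareSemver(e.version, adv.fixedIn) < 0)
      .map((adv) => ({ id: adv.id, path: e.path, version: e.version, fixedIn: adv.fixedIn }))
  );
}

console.log(findVulnerable(buildInventory(sampleLockfile), advisories));
```

Each finding carries the install path and the fixed version, which is the remediation guidance a real SCA report would attach; a production tool would consume a full advisory feed and handle version ranges rather than a single fixed release.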