Abstract

The use of open source software and open source components is growing at an alarming rate, and vulnerabilities in open source components are everywhere. Software supply chain analysis aims to discover the third-party components and open source code used in a piece of software and to analyze the software's dependence on those components. In this paper, we propose a software component analysis method and a method for detecting known vulnerabilities. By scanning a binary file for the open source components it contains and then performing vulnerability analysis on those components, known vulnerabilities are detected. This paper mainly addresses the problem of detecting known vulnerabilities in the supply chain of binary files. We conducted a case analysis and achieved good results.
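The abstract describes a two-step pipeline: discover the open source components embedded in a binary, then match each component's version against a table of known vulnerabilities. The following Python example, added here and not taken from the paper, shows the simplest form of that pipeline: a `strings`-style sweep over a constructed byte blob that stands in for a compiled binary, regex recognition of the version banners that libraries commonly leave in their read-only data, and a version comparison against a constructed vulnerability table. The component patterns, the version-letter mapping for old-style OpenSSL versions, and the vulnerability identifiers (`EXAMPLE-VULN-*`, placeholders rather than real CVE numbers) are all assumptions made for this illustration.

```python
"""Toy binary software-composition scan.

Step 1: pull printable strings out of a binary blob (like the `strings` tool).
Step 2: recognise open source component banners and their versions.
Step 3: compare each version against a known-vulnerability table.
All data below is constructed for illustration; nothing is a real CVE.
"""
import re

# Constructed stand-in for a compiled binary: header and junk bytes around
# embedded version banners of the kind libraries leave in .rodata.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"OpenSSL 1.0.2k  26 Jan 2017\x00"
    + b"\x90\x90\xcc\x00"
    + b"zlib version 1.2.8\x00"
    + b"\xde\xad\xbe\xef"
    + b"libpng version 1.6.37\x00"
)

# Assumed banner formats for three common components (hypothetical patterns).
COMPONENT_PATTERNS = {
    "openssl": re.compile(r"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
    "zlib": re.compile(r"zlib version (\d+\.\d+\.\d+)"),
    "libpng": re.compile(r"libpng version (\d+\.\d+\.\d+)"),
}

# Constructed vulnerability table: component -> [(placeholder id, first fixed version)].
# A component is flagged when its version is strictly below the first fixed version.
KNOWN_VULNS = {
    "openssl": [("EXAMPLE-VULN-001", "1.0.2u"), ("EXAMPLE-VULN-002", "1.0.2f")],
    "zlib": [("EXAMPLE-VULN-003", "1.2.9")],
    "libpng": [("EXAMPLE-VULN-004", "1.6.37")],
}


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Return runs of at least min_len printable ASCII bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [run.decode("ascii") for run in re.findall(pattern, blob)]


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Turn 'major.minor.patch[letter]' into a comparable tuple.

    The optional trailing letter (old OpenSSL style, e.g. 1.0.2k) is mapped
    to its position in the alphabet; no letter counts as 0.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, letter = m.groups()
    suffix = ord(letter) - ord("a") + 1 if letter else 0
    return int(major), int(minor), int(patch), suffix


def find_components(blob: bytes) -> dict[str, str]:
    """Map each recognised component name to the first version banner seen."""
    found: dict[str, str] = {}
    for s in extract_strings(blob):
        for name, pattern in COMPONENT_PATTERNS.items():
            m = pattern.search(s)
            if m and name not in found:
                found[name] = m.group(1)
    return found


def match_vulns(components: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (component, version, vuln_id) for every version below a fix."""
    findings = []
    for name, version in components.items():
        parsed = parse_version(version)
        for vuln_id, fixed_in in KNOWN_VULNS.get(name, []):
            if parsed < parse_version(fixed_in):
                findings.append((name, version, vuln_id))
    return findings


def scan(blob: bytes) -> list[tuple[str, str, str]]:
    """Full pipeline: component discovery followed by vulnerability matching."""
    return match_vulns(find_components(blob))


if __name__ == "__main__":
    for component, version, vuln_id in scan(SAMPLE_BINARY):
        print(f"{component} {version}: affected by {vuln_id}")
```

On the constructed blob the scan reports OpenSSL 1.0.2k (below the assumed fix in 1.0.2u but not below 1.0.2f) and zlib 1.2.8, while libpng 1.6.37 is exactly the first fixed version and so is not flagged. A real tool would replace the banner regexes with signature databases or function-level fingerprints, since stripped binaries often carry no version string at all, and would treat "no banner found" as an unknown rather than as a clean result.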
