Updated on 2026-02-05 GMT+08:00

Overview

Introduction

CodeArts Governance decompresses and scans your software packages and firmware. It performs component feature analysis based on the bill of materials (BOM) to identify possible rule violations. The following risk types can be identified:

  • Open source software's known vulnerabilities and license compliance risks.
  • Security configuration risks in hard-coded credentials, sensitive files (keys, certificates, and debugging tools), OS authentication, and access control.
  • Disclosure risks of IP addresses, hard-coded keys, passwords, and Git/SVN repositories.
  • Compiler security option risks in binary program compilation.

Figure 1 Risk items

Objects

  • Binary software packages and firmware that have been compiled can be scanned.

    For example, Linux installation packages, Windows installation packages, web deployment packages, Android applications, HarmonyOS applications, iOS applications, and embedded firmware.

  • Note that source code files cannot be scanned.

Restrictions

  • Supported languages: C, C++, Java, Go, JavaScript, Python, Rust, Swift, C#, and PHP
  • Supported file formats: as described in Notes and Constraints.
  • Each uploaded file cannot exceed 5 GB.
  • Scanning a 100-MB file usually takes about six minutes; the actual duration depends on the file format and type.
  • Binary SCA identifies vulnerabilities by component version, so a vulnerability is still reported even if it has already been fixed with a patch.
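The version-based behaviour described in the last restriction, as an added example that is not CodeArts Governance's own code: a small Python matcher that flags BOM entries purely by upstream version, plus a triage step that records analyst evidence for builds known to carry a backported fix. The component name, file paths, versions and the advisory ID are constructed placeholders.

```python
"""Added example (not CodeArts Governance code): version-based BOM matching, why a
backported fix is still reported, and how an analyst records the exception.
All data is constructed; the advisory ID is a placeholder, not a real CVE."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    component: str
    fixed_in: str      # first upstream release that contains the fix
    advisory_id: str   # placeholder identifier, not a real CVE


def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version such as '1.2.11' into a comparable int tuple."""
    return tuple(int(part) for part in version.split("."))


def match_bom(bom, advisories):
    """Flag every BOM entry whose upstream version predates the fix. Only
    (component, version) is consulted, as in version-based SCA, so a vendor build
    that backported the fix but kept the old version string is flagged too."""
    hits = []
    for path, component, version in bom:
        for adv in advisories:
            fixed = parse_version(adv.fixed_in)
            if adv.component == component and parse_version(version) < fixed:
                hits.append((path, component, version, adv.advisory_id))
    return hits


def triage(hits, backports):
    """Apply knowledge the scanner lacks: findings for builds with documented
    backported fixes become 'not_affected', with the evidence kept alongside."""
    return [
        (*hit, "not_affected", backports[hit[0]]) if hit[0] in backports
        else (*hit, "affected", "")
        for hit in hits
    ]


# Constructed BOM: (file path inside the package, component, upstream version).
BOM = [
    ("usr/lib/libexample.so.1.2.11", "libexample", "1.2.11"),         # unpatched build
    ("opt/vendor/lib/libexample.so.1.2.11", "libexample", "1.2.11"),  # vendor backport
    ("usr/local/lib/libexample.so.1.2.13", "libexample", "1.2.13"),   # fixed release
]
ADVISORIES = [Advisory("libexample", "1.2.12", "ADV-PLACEHOLDER-0001")]
# Analyst-maintained evidence keyed by file path (constructed).
BACKPORTS = {"opt/vendor/lib/libexample.so.1.2.11": "vendor changelog: fix backported"}
```

Both 1.2.11 builds are reported by `match_bom` because only the version string is compared; `triage` is where the patched build is marked not affected, with the justification kept next to the finding.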