Manage your open-source risks in one place

Proactively manage, benchmark, and optimize your open source software (OSS) libraries and ensure resilient software development.

Sigrid's Open-Source Health feature is a software composition analysis that addresses vulnerabilities, license compliance, and legal issues within your libraries head-on.


How it works


Get a complete software composition analysis

Sigrid evaluates your open source libraries across six key areas: known vulnerabilities, freshness, activity, stability, management, and legal licenses. This ensures a thorough examination of the software's reliance on open source components and their risks.

Receive a benchmark-based score

Much more than just an SCA tool, Sigrid's Open-Source Health feature includes a benchmark-based star rating system. This scoring method offers a consistent standard aligned with current market data and industry best practices, changing how you perceive and act upon open-source risks.


Enhance collaboration with goal-driven IT objective setting

Set custom software composition analysis goals based on your unique business context. Prioritize open source security measures and governance with these goals and ensure alignment with organizational objectives.

Leverage AI-powered vulnerability advice

Sigrid utilizes AI to provide detailed explanations and actionable mitigation advice tailored to each technology, drawing from a vast knowledge base and best-in-class public data sources.


1. Strengthen open-source security

Gain confidence in the security of your open-source components with insights for informed vulnerability management.

2. Prioritize vulnerability fixes objectively

Benchmark your software composition analysis against market standards to gauge how your risk levels stack up against industry peers and competitors.

3. Optimize open-source component management

Sigrid aggregates data across all systems, helping you mitigate risks effectively—including upgrading, replacing, or protecting libraries.

How Sigrid works

01. Upload your source code
Upload your source code to Sigrid for benchmarking against the world’s largest software database.

Your single source of truth for software excellence

Book a demo
300+ billion lines of code in our database
20,000+ systems analyzed
300+ technologies supported

02. Get prioritized recommendations
Sigrid analyzes your source code and delivers improvement recommendations prioritized by impact and ROI.
03. Leverage 25 years of software expertise
Level up your IT teams and processes with tailored advice based on your business objectives.
04. Continuously monitor your software portfolio
Sigrid continuously monitors your software landscape, providing ongoing insights to ensure high standards of code quality, security, and performance.
  • “Thanks to Sigrid, we've significantly enhanced our expanding software portfolio's quality, slashing maintenance costs by 75%, effectively mitigating open-source security risks, and allowing us to make better-informed investment decisions.”

    Anthony Fitzpatrick,

    VP Engineering at Kallidus

Start taking control of your open-source risks today 

Frequently asked questions

What exactly does Sigrid's Open Source Health feature analyze?

Sigrid's Open Source Health (OSH) analyzes your project's dependencies in three key areas: known vulnerabilities, dependency freshness, and license usage. It scans configuration files from common dependency management systems like Maven, NPM, and NuGet to gather this information. You can find more details in the Open Source Health documentation.

How does Sigrid detect vulnerabilities in open source libraries?

Sigrid uses multiple data sources to identify vulnerabilities, including the National Vulnerability Database (NVD), Sonatype OSS Index, Google OSV, and the GitHub Security Advisory API. It cross-references your project's dependencies against these databases to flag known security issues.

How does Sigrid handle internal dependencies in OSH scans?

Sigrid can filter out internal dependencies to avoid exposing sensitive information, but this requires manual configuration by SIG. If you need this, make sure to inform SIG about your internal dependencies and their naming conventions before onboarding.

Why are some vulnerabilities in Open Source Health missing CVE numbers?

While most ecosystems link vulnerabilities to CVEs, some provide their own data that isn't connected to the CVE system. Sigrid gathers data from multiple sources, so you might occasionally see vulnerabilities without CVE numbers.
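As an added illustration (not Sigrid's own code, whose matching logic is not public), the following Python sketches the cross-referencing step described two answers above and why some findings carry no CVE number: it parses a constructed package.json with pinned versions, matches them against constructed advisories in a simplified OSV-like shape, and reports a CVE alias only when the ecosystem's advisory supplies one. Package names, advisory ids and the CVE value are placeholders, and the OSV event structure is reduced to what a matcher needs.

```python
import json

# Constructed package.json fragment with pinned (lockfile-style) versions.
PACKAGE_JSON = json.dumps({"dependencies": {
    "lodash": "4.17.20", "express": "4.18.2", "minimist": "0.2.1"}})

# Constructed advisories in a simplified OSV-like shape. IDs and the CVE are
# placeholders, not real advisories; real OSV records carry many more fields.
ADVISORIES = [
    {"id": "GHSA-example-0001", "aliases": ["CVE-0000-PLACEHOLDER"],
     "affected": [{"package": {"ecosystem": "npm", "name": "lodash"},
                   "ranges": [{"type": "SEMVER", "events": [
                       {"introduced": "0"}, {"fixed": "4.17.21"}]}]}]},
    {"id": "GHSA-example-0002", "aliases": [],  # ecosystem-native, no CVE
     "affected": [{"package": {"ecosystem": "npm", "name": "minimist"},
                   "ranges": [{"type": "SEMVER", "events": [
                       {"introduced": "0"}, {"fixed": "0.2.4"}]}]}]},
]


def parse_version(text):
    """Turn '4.17.20' into (4, 17, 20) for tuple comparison (semver core only)."""
    return tuple(int(part) for part in text.lstrip("^~=v").split(".")[:3])


def is_affected(version, events):
    """OSV SEMVER events (assumed sorted): affected if the last event at or below the version is an 'introduced'."""
    affected = False
    for event in events:
        if "introduced" in event and parse_version(event["introduced"]) <= version:
            affected = True
        if "fixed" in event and parse_version(event["fixed"]) <= version:
            affected = False
    return affected


def find_vulnerable(manifest_json, advisories, ecosystem="npm"):
    """Cross-reference manifest dependencies against advisories; CVE is None when no alias exists."""
    deps = json.loads(manifest_json).get("dependencies", {})
    findings = []
    for adv in advisories:
        for aff in adv["affected"]:
            name = aff["package"]["name"]
            if aff["package"]["ecosystem"] != ecosystem or name not in deps:
                continue
            version = parse_version(deps[name])
            if any(r["type"] == "SEMVER" and is_affected(version, r["events"])
                   for r in aff["ranges"]):
                cves = [a for a in adv.get("aliases", []) if a.startswith("CVE-")]
                findings.append({"package": name, "version": deps[name],
                                 "id": adv["id"], "cve": cves[0] if cves else None})
    return findings
```

Running `find_vulnerable(PACKAGE_JSON, ADVISORIES)` flags lodash with its CVE alias and minimist with `cve` set to None, which is exactly the "vulnerability without a CVE number" case the answer above describes.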

How does Sigrid determine the risk levels (low-medium-high) for open source issues?

The risk thresholds are displayed as a mouseover on the Open Source Health page in the top tile that summarizes risks. For the most up-to-date information, check the Open Source Health documentation.

How often should I run Open Source Health scans?

We recommend running OSH scans regularly, ideally as part of your CI/CD pipeline. This ensures you catch any new vulnerabilities or outdated dependencies quickly. You can set this up using our Sigrid CI integration.

Can Sigrid help with license compliance for open source libraries?

Yes, Sigrid's Open Source Health feature includes license analysis. It identifies the licenses of your dependencies and flags any potential compliance issues. This can help you avoid legal risks associated with certain open source licenses.

How does Sigrid's Open Source Health compare to standalone SCA tools?

While standalone Software Composition Analysis (SCA) tools focus solely on dependencies, Sigrid's OSH is part of a broader software quality platform. This integration allows you to see how open source usage relates to other aspects of your software health, providing a more comprehensive view. You can learn more about Sigrid's approach in our product overview.

Experience Sigrid live

Request your demo of the Sigrid® | Software Assurance Platform: