Conceptual docs for the Spectra Assure platform
Understand the central concepts and features of Spectra Assure products, and learn how they can help you improve your software security, quality, and development processes.
The Spectra Assure platform is a set of ReversingLabs solutions primarily designed for software assurance and software supply chain security use cases.
What is software assurance?
Software assurance encompasses various activities and methodologies that aim to identify vulnerabilities, improve code quality, and mitigate potential threats before malicious actors can exploit them. The goal of software assurance is to create a fortified environment through continuous monitoring, testing, and improvement. It goes beyond reactive measures (such as patching vulnerabilities after they're discovered) and focuses on preventing vulnerabilities from arising in the first place. By implementing software assurance practices, organizations can significantly reduce the risk of breaches, data leaks, and downtime, ultimately safeguarding their reputation.
Learn about other core concepts in the glossary.
What is software supply chain security?
Software supply chain security (SSCS) is a comprehensive process of securing the components, activities, and practices involved in the creation and deployment of software. It encompasses every step of the software development lifecycle (SDLC), from initial coding to final deployment, ensuring the integrity, authenticity, and reliability of the software throughout its journey from conception to production. By focusing on software supply chain security, organizations can reduce their exposure to threats, align with regulatory requirements, and preserve the trust and confidence of customers, partners, and stakeholders.
More specifically, Spectra Assure helps users protect their software supply chains by analyzing compiled software packages, their components, and third-party dependencies to detect exposures, reduce vulnerabilities, and eliminate threats before they reach production.
Every Spectra Assure analysis (software scan) produces a set of reports and the overall CI status (pass or fail) for the analyzed software package.
Detailed analysis reports reveal deployment risks, software behavior changes, and indicators of malicious tampering that source code analysis and legacy AppSec tools typically miss. The Spectra Assure reports offer deeper visibility into third-party software risk while providing all software provenance information required for compliance purposes.
The Spectra Assure platform offers considerable flexibility by letting users choose the most suitable product for their needs:
- Spectra Assure CLI, a set of standalone CLI tools for Windows and Linux
- Spectra Assure Portal, a ReversingLabs-hosted SaaS solution with a public API for advanced workflows
- CI/CD integrations with official Docker images and plug-and-play configuration files for all popular CI/CD services
If you're not sure which Spectra Assure product or integration to use, you can get advice from our product recommendation quiz.
All products are powered by the same threat detection engine and share the same set of key features that distinguish the Spectra Assure platform from other software security products on the market.