User Guide
About this guide
Welcome to the MetaDefender Software Supply Chain guide. This guideline is intended to provide the information you need to:
- Install, set up, and configure the product to begin scanning source code and docker images from various repositories (GitHub, DockerHub, Amazon ECR, Quay, etc.)
- Seamlessly integrate with your preferred version control and container registry provider(s)
- Initiate the analysis process to scan for malware, secrets or open source vulnerabilities
- Get actionable intelligence via a real-time comprehensive dashboard or emailed automated reports
- Learn about new features, updated features, and bug fixes
- Learn about frequently asked questions and additional concepts through our library of knowledge base article
Service integrations
| Service Category | Service Vendor |
|---|---|
| Source Code Services | GitHub & GitHub Enterprise |
| Bitbucket Cloud & Bitbucket Data Center | |
| GitLab | |
| Container Services | DockerHub |
| JFrog Containers | |
| Amazon ECR | |
| Quay | |
| Azure Container Registry (ACR) | |
| Binary Services | JFrog Artifactory |
MetaDefender Software Supply Chain offers enterprises the ability to protect their stored data from malicious malware attacks, data breaches and Zero-Day threats by using OPSWAT’s industry-leading Multiscanning and SBOM detection technologies. It helps organizations avoid compliance violations such as leaking sensitive data by leveraging the secret detection module.
The ability to view all the data stored in multiple cloud-based storage and collaboration solutions like GitHub repositories, container services such as DockerHub, Amazon ECR, and Quay and binary services like JFrog Artifactory provides IT professionals insight into the health of their entire storage at any given time. This comprehensive coverage ensures visibility into the status and performance of both source code repositories and containerized applications across various cloud-based platforms.
Automated and actionable reports identify threats and risks associated with users and services for quick remediation actions.
With the native integration between MetaDefender Software Supply Chain and MetaDefender Core, immediate detection, remediation, and prevention of malicious content is ensured.
Learn more about the Software Bill of Materials (SBOM) technology and the importance of staying compliant and secure in the software supply chain by visiting opswat.com/technologies/sbom.
MetaDefender Software Supply Chain offers the following capabilities:
Integration with:
- source code services such as GitHub, Bitbucket Cloud and DataCenter
- container services such as DockerHub, Amazon ECR and Quay, Jfrog Containers, Azure Containers
- binary services such as JFrog Artifactory
Unified Dashboard
Superior Reporting
Report History
Easy Setup and Integrations
User Management
Automation and Customization of Workflows
Monitoring and Logging for all user actions
Technologies:
- Malware scanning with 5 AVs (default package): ClamAV, Avira, AhnLab, Varist, Tachyon.
- Proactive DLP detects secrets in your source code and container.
- SBOM detects opensource vulnerabilities, licenses.