SCA stories

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

RateGain and Juspay unveil RG Pay, an embedded payments layer to boost cross-border checkout performance for global travel brands.

ActiveState appoints seasoned open source leader Abby Kearns as chief executive, sharpening its focus on managed open source security.

Appdome's new Threat-Memory tool stores on-device threat histories and AI scores to counter repeat mobile fraud and account takeovers.

Endor Labs unveils AURI, a security intelligence platform embedding reachability-led checks into AI coding assistants and CI/CD pipelines.

Manifest research reveals executives overestimate AI security readiness, as AppSec teams warn of unmanaged tools, blind spots and rising risk.

Security debt hits 82% of organisations as legacy flaws linger over a year, with third-party code driving most critical vulnerabilities.

Ecommpay launches a free fraud guide for online retailers as UK payment fraud hits GBP £1.17 billion and AI-driven scams rapidly escalate.

Rapid AI and cloud adoption is fuelling a new wave of cyber risk, as Tenable warns of exposed software supply chains and “ghost” identities.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

Armis launches AI-native Centrix platform to secure application code, aiming to cut false alarms and safeguard AI-assisted development.

Veracode upgrades its Package Firewall and testing tools to block malicious software packages before they enter development pipelines.

CloudBolt signs a multi-year AWS pact to tighten sales alignment and boost cloud management, FinOps and Kubernetes optimisation tools.

Checkmarx has been named a leader in the IDC MarketScape ASPM 2025 report for its AI-driven, developer-focused application security platform.

Black Duck has launched a GitHub app to automate security scans, helping development teams identify vulnerabilities early and streamline application security.

GitHub has partnered with Endor Labs, integrating advanced security software to help developers swiftly identify and manage critical vulnerabilities within the platform.

Endor Labs has launched AI Model Discovery, a feature helping businesses identify and manage open source AI models, enhancing application security.

Veracode has acquired Phylum's technology to enhance their ability to combat software threats, addressing rising risks in open-source software security.

Sonatype and OpenText have partnered to create an integrated platform that enhances application security, streamlining compliance and risk management.

Microsoft has integrated Endor Labs' Software Composition Analysis into Defender for Cloud, enabling unified security from code development to runtime.