The 2025 Software Supply Chain Security Report

Read Annual Report

Score the best Anti-Hack Backpack at RSAC 2025 - Booth N-4428

Schedule a Meeting

Looking for an alternative to VirusTotal? We've got you covered.

Solutions

Software Supply Chain Security

Assess and Manage Third-Party Software Secure Build and Release Protect Virtual Machines Secure Open-Source Software Go Beyond the SBOM

File Security

Increase Email Threat Resilience Detect Malware in File Shares and Storage Advanced Malware Analysis Suite

Security Operations

Scalable File Analysis High-Fidelity Threat Intelligence Curated Ransomware Feed Automate Malware Analysis Workflows

Product & Technology

Products

Spectra Assure Software Supply Chain Security Spectra Detect High-Speed, High-Volume, Large File Analysis Spectra Analyze In-Depth Malware Analysis & Hunting for the SOC Spectra Intelligence Authoritative Reputation Data & Intelligence

Technology

Spectra Core Integrations

Partners

Partners

Become A Partner Value Added Partners Technology Partners Marketplaces

Alliances

Alliances

Resources

Resources

Blog Content Library ConversingLabs Podcast Customer Stories DEMO Videos Documentation Learning with ReversingLabs Open Source YARA Rules Public Sector Solutions Software Deconstruction Demo Series Webinars

Company

Company

About Us Leadership Careers Series B Investment Company News

Events

Events

Press

Press Releases In the News

Request a Demo

Contact Us Support Login Blog Developer Portal Search

ReversingGlass

What is Software Supply Chain Security Scanning?

01/19/2023

In this lesson, Matt explains why it is essential to integrate automatic software supply chain security scanning into the traditional DevOps process.

Keep learning

• SBOMs are critical — but only the first step
• Special: The State of Supply Chain Security
• Get a free SBOM and supply chain risk analysis

Share this:

Matt Rose ReversingLabs

Field CISO at ReversingLabs. Matt Rose has an extensive background in application security, object-oriented programming, multi-tier architecture design and implementation, and internet/intranet development. His areas of expertise include Application Security, SAST, DAST, IAST, SCA, DevSecOps, and Threat Modeling. Matt is an accomplished public speaker and has been quoted in 50+ AST industry media publications.

Related episodes

Reproducible Builds: Graduate Your Application Security

Reproducible Builds: Graduate Your Application Security

What You Need to Know About Tampering

What You Need to Know About Tampering

Development Secrets: Shhhh... It's a Secret

Development Secrets: Shhhh... It's a Secret

The State of SSCS 2024: It's a Big Deal

The State of SSCS 2024: It's a Big Deal

ReversingGlass: ESF calls for software package final exams

ReversingGlass: ESF calls for software package final exams

ReversingGlass: Binary Analysis for SSCS

ReversingGlass: Binary Analysis for SSCS

Threat modeling meets the SBOM: Why continuous is key

Threat modeling meets the SBOM: Why continuous is key

ReversingGlass: EO on AI: What security teams need to know

ReversingGlass: EO on AI: What security teams need to know

ReversingGlass: Software Supply Chain Attacks How vs. What

ReversingGlass: Software Supply Chain Attacks How vs. What

ReversingGlass: NIST CSF 2.0

ReversingGlass: NIST CSF 2.0

ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key

ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key

ReversingGlass: Happy Birthday, ReversingGlass

ReversingGlass: Happy Birthday, ReversingGlass

ReversingGlass: How Software Supply Chains Go Wrong

ReversingGlass: How Software Supply Chains Go Wrong

ReversingGlass: CISA SBD/SBD is HARD

ReversingGlass: CISA SBD/SBD is HARD

ReversingGlass: Trust must be complete

ReversingGlass: Trust must be complete

Why the Time Is Now for SSCS

Why the Time Is Now for SSCS

The Differences Between Vulnerabilities and Malware

The Differences Between Vulnerabilities and Malware

ReversingGlass: Must See at Black Hat

ReversingGlass: Must See at Black Hat

Software Security: Why Trust Matters

Software Security: Why Trust Matters

ReversingLabs at Black Hat 2023

ReversingLabs at Black Hat 2023

ReversingGlass: Shift Up Your Software Bill of Materials

ReversingGlass: Shift Up Your Software Bill of Materials

Forget Shift Left. Shift Up Instead.

Forget Shift Left. Shift Up Instead.

ReversingLabs @ InfoSecurity Europe 2023

ReversingLabs @ InfoSecurity Europe 2023

Application Hacks vs Software Supply Chain Hacks

Application Hacks vs Software Supply Chain Hacks

Behaviors and Diffs: Better Together for Software Security

Behaviors and Diffs: Better Together for Software Security

Reversing Glass on ReversingLabs

Reversing Glass on ReversingLabs

AI and Application Security: Proceed with Caution

AI and Application Security: Proceed with Caution

What the heck is a Software Bill of Materials?

What the heck is a Software Bill of Materials?

Supply Chain Risks in Art and Life ... Even the 'The Simpsons'

Supply Chain Risks in Art and Life ... Even the 'The Simpsons'

Why CISA Secure by Design is Just a Starting Point

Why CISA Secure by Design is Just a Starting Point

ReversingLabs at RSA 2023 | ReversingGlass

ReversingLabs at RSA 2023 | ReversingGlass

SSCS Use Cases Are Growing

SSCS Use Cases Are Growing

Full-Coverage Supply Chain Security Explained

Full-Coverage Supply Chain Security Explained

How to Define Software Supply Chain Security

How to Define Software Supply Chain Security

Get Smart With Your Software Supply Chain Security

Get Smart With Your Software Supply Chain Security

The DNA of Software Supply Chain Security

The DNA of Software Supply Chain Security

A Brief History of App Sec: Why Software Supply Chain Security Is Now

A Brief History of App Sec: Why Software Supply Chain Security Is Now

C-SCRM: Much-needed definition for software supply chain policy & processes

C-SCRM: Much-needed definition for software supply chain policy & processes

ReversingLabs vs VirusTotal

ReversingLabs vs VirusTotal

SCA Is Good. SSCS Is Better.

SCA Is Good. SSCS Is Better.

Typosquatting and software supply chain security

Typosquatting and software supply chain security

What the heck are secrets?

What the heck are secrets?

What is Software Supply Chain Security Scanning

What is Software Supply Chain Security Scanning

CircleCI Hack & Software Supply Chain Risks

CircleCI Hack & Software Supply Chain Risks

What is ReversingGlass?

What is ReversingGlass?

Beyond the SBOM: Next steps are essential for secure software

Beyond the SBOM: Next steps are essential for secure software

DNA of an App: Why Traditional App Sec Testing Misses Modern Threats

DNA of an App: Why Traditional App Sec Testing Misses Modern Threats

Executive Order 14028: Securing Software Supply Chains

Executive Order 14028: Securing Software Supply Chains

Load more

Follow us

X
YouTube
LinkedIn
Bluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Special Reports

The 2025 Software Supply Chain Security Report

The 2025 Software Supply Chain Security Report

Software supply chain attacks are an increasingly popular tool for malicious actors. And the rapid embrace of AI and machine learning (ML) tools is introducing new supply chain risks. Here's what your organization needs to know.

March 12, 2025

Get Started
Request a DEMO

Learn more about how ReversingLabs can help your company reduce attack surface risks with deep software and file threat analysis to speed release and response.

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure™

Get Free Trial

Blog
Webinars
Demo Videos

Events
In the News
Glossary

About Us
Careers
Contact Us

Privacy Policy | Cookies | Impressum

All rights reserved ReversingLabs © 2025