Webinar Description:

一个阿f the most common complaints of SCA tools from developers is that they generate far too many results, requiring them to fix lots of vulnerabilities that don’t in reality, pose any risk. This wastes time, money and lowers productivity.

Join us for a fun packed webinar (yes really!) to learn how to avoid this downward spiral so many developers get sucked into. The webinar will cover the following:

• How in many instances, these results are being inefficiently or incorrectly prioritized because of lack of context.
• How traditional CVSS scoring methods create even more complications, as they don’t take into account specific configurations, security mechanisms and other attributes of the analyzed software.
• How some CVEs will show a high CVSS score, but are more than likely not even relevant to you because they will never see the light of day.

JFrog has a first-of-its-kind capability - Container Contextual Analysis, which we brought to Docker container scanning first: that examines the applicability of identified CVEs, by deeply analyzing the container and its specific contents and attributes. It indicates whether the CVE is applicable (or not) to that specific container image. Whether deemed applicable or not we recommend concrete, actionable remediation steps that take into account relevance to your build (with proof points).

How much time and money can you save if you only focused on fixing what you need to rather than simply “fixing everything?”