Software Composition Analysis

Minimize software supply chain risk while improving developer productivity

Track license risks of open-source libraries

Many applications today contain problematic code that nobody is tracking. Problematic source code libraries can be difficult to identify and pose a risk to your applications. Developers and application owners often struggle to maintain applications that pull in many open-source and third-party libraries, which leads to licensing risks among others. High developer turnover amplifies the problem: new developers inherit outdated libraries without knowing their history. The result is a set of dependencies with hidden problems, such as known vulnerabilities, licensing conflicts and back-level versions, that nobody is watching and that an attacker may exploit.

IBM Concert helps application teams deal with problematic source code libraries and licensing risks by providing visibility into the security and license risk of open-source and third-party libraries.

Why IBM Concert?

  • SBOM vulnerability analysis: Concert analyzes the software composition described in your applications' SBOMs to find public (for example, open-source) dependencies that have known vulnerabilities, problematic licensing, lapsed support and maintenance, or a change of maintainer.
  • Proactive SCA scan: Concert's application-centric approach to software composition analysis (SCA) helps your teams proactively identify and address risk exposures in open-source packages before they reach production.

Benefits

Remediate SCA risks based on impact

Concert uncovers software composition risk across your supply chain, identifies those with the biggest impact to your application, offers actionable insights and recommends a clear path to remediation.

Keep open-source libraries up to date

Concert gives you clear visibility into the security and license risks of your open-source and third-party libraries. It recommends safer, more secure versions to upgrade to, helping you decide which components to keep or replace for a stronger, more secure application.

Ensure code integrity before production

Concert flags vulnerable open-source libraries both in your pipeline and in production, so you can address them before a release ships and continuously monitor the health of running services.

Get detailed info on malicious packages

Concert highlights relevant package information such as manufacturer or supplier, known vulnerabilities, licenses, and out-of-support or malicious status, and proposes alternate versions and packages so you can replace malicious or abandoned packages effectively.
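The analysis described in the "SBOM vulnerability analysis" bullet and in the benefits above (known vulnerabilities, problematic licenses, lapsed maintenance or a changed maintainer, and an upgrade recommendation ranked by impact) comes down to matching each SBOM component against advisory, license and registry data. The Python script below is an added example of that matching; it is not IBM Concert code and says nothing about how Concert is implemented. The CycloneDX SBOM, the package names, the advisory records (EXAMPLE-... IDs), the registry metadata and the license allowlist are all constructed for this example.

```python
"""Toy software-composition analysis over a CycloneDX SBOM (added example, not IBM Concert code).

All inputs are constructed inline so the script runs offline. A real SCA tool would
pull advisories from a feed such as OSV or the GitHub Advisory Database and package
metadata from the registry; the package names and advisory IDs here are fictional.
"""
import json
from dataclasses import dataclass
from datetime import date

# Constructed CycloneDX 1.5 SBOM for one application with four direct dependencies.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-http", "version": "2.25.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "yamlish", "version": "5.3.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "ghostdb", "version": "1.0.0",
     "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    {"type": "library", "name": "leftpadly", "version": "0.9.0"}
  ]
}
"""

# Constructed advisories keyed by package name, using the OSV "introduced/fixed" range style.
VULN_DB = {
    "acme-http": [{"id": "EXAMPLE-2024-0001", "severity": "HIGH", "introduced": "2.0.0",
                   "fixed": "2.31.0", "summary": "header injection via unsanitized redirect URL"}],
    "yamlish": [{"id": "EXAMPLE-2023-0007", "severity": "CRITICAL", "introduced": "0",
                 "fixed": "5.4", "summary": "arbitrary code execution in full_load()"}],
}

# Constructed registry metadata an SCA tool would normally fetch per package.
PACKAGE_META = {
    "acme-http": {"last_release": "2024-05-20", "maintainer_changed": False},
    "yamlish":   {"last_release": "2024-01-15", "maintainer_changed": False},
    "ghostdb":   {"last_release": "2019-03-02", "maintainer_changed": True},
    "leftpadly": {"last_release": "2024-06-30", "maintainer_changed": False},
}

LICENSE_ALLOWLIST = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
STALE_DAYS = 730  # two years without a release counts as unmaintained (policy assumption)
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass
class Finding:
    component: str
    version: str
    kind: str            # "vulnerability" | "license" | "maintenance"
    rank: int            # higher means remediate first
    detail: str
    recommendation: str


def parse_version(v):
    """Dotted numeric versions only (assumption); non-numeric parts compare as 0."""
    return tuple(int("".join(ch for ch in p if ch.isdigit()) or 0) for p in v.split("."))


def is_affected(version, adv):
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"])


def component_licenses(comp):
    ids = [e.get("license", {}).get("id") or e.get("license", {}).get("name") or "UNKNOWN"
           for e in comp.get("licenses", [])]
    return ids or ["UNKNOWN"]  # an undeclared license is itself a risk


def analyze(sbom_json, vuln_db=VULN_DB, meta=PACKAGE_META,
            allowlist=LICENSE_ALLOWLIST, today=date(2024, 7, 1)):
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        name, version = comp["name"], comp.get("version", "")
        # 1. Known vulnerabilities: match the declared version against each advisory range.
        for adv in vuln_db.get(name, []):
            if is_affected(version, adv):
                findings.append(Finding(name, version, "vulnerability", SEVERITY_RANK[adv["severity"]],
                                        f'{adv["id"]} ({adv["severity"]}): {adv["summary"]}',
                                        f'upgrade to {adv["fixed"]} or later'))
        # 2. License risk: anything outside the allowlist, or undeclared, needs review.
        for lic in component_licenses(comp):
            if lic not in allowlist:
                findings.append(Finding(name, version, "license", 2, f"license {lic} is not approved",
                                        "confirm obligations with legal or replace the component"))
        # 3. Maintenance signals: stale releases or a change of maintainer.
        info = meta.get(name)
        if info is None:
            findings.append(Finding(name, version, "maintenance", 1, "no registry metadata",
                                    "verify the package source"))
            continue
        age = (today - date.fromisoformat(info["last_release"])).days
        if age > STALE_DAYS:
            findings.append(Finding(name, version, "maintenance", 1, f"last release {age} days ago",
                                    "look for a maintained alternative"))
        if info["maintainer_changed"]:
            findings.append(Finding(name, version, "maintenance", 2, "maintainer changed recently",
                                    "review the new maintainer and recent commits before upgrading"))
    findings.sort(key=lambda f: (-f.rank, f.component))  # biggest impact first
    return findings


def report(findings):
    return "\n".join(f"[{f.kind:<13}] {f.component}@{f.version}: {f.detail} -> {f.recommendation}"
                     for f in findings)


if __name__ == "__main__":
    print(report(analyze(SBOM_JSON)))
```

Running the script lists six findings: the critical advisory on yamlish first, then the high one on acme-http with its fixed version as the upgrade target, then the AGPL license and maintainer change on ghostdb, the undeclared license on leftpadly, and finally ghostdb's stale release. The version-range check is the part worth scrutinising in any real tool: a naive string comparison would wrongly treat 5.3.1 as newer than 5.4.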

Take the next step

Start your 30-day free trial or talk to an expert live and begin to control your operations with generative AI insights.