Lineaje SCA360 Installation
About Lineaje SCA360 Installation
Lineaje SCA360 installation simplifies software composition analysis for organizations that cannot share source code externally due to compliance or privacy requirements. It bundles SCA360 and its dependencies into a pre-configured Amazon Machine Image (AMI), making deployment on an Amazon Elastic Compute Cloud (EC2) instance fast and secure. With SCA360, you can scan source code repositories (e.g., GitHub) and container images (e.g., Amazon ECR) for vulnerabilities, enable auto-remediation of critical and high severity issues, generate Software Bills of Materials (SBOMs), and automate metadata uploads for vulnerability analysis and risk insights, all within your own environment.
SCA360 Automated Workflow Overview
Your CI/CD pipeline creates a metadata file with project details, repository URL, and image hash, and you upload it to Amazon S3. Lineaje SCA360 then retrieves credentials for private repositories securely from AWS Secrets Manager and scans the source repository or container image within your environment, so sensitive code remains private.
After scanning, SCA360 sends a meta bomb (a tarball of dependency information, not source code) to the Lineaje tenant, where a fix plan is generated using gold open-source packages. SCA360 applies fixes by creating a new branch, updating vulnerable dependencies, and optionally triggering your CI/CD pipelines for testing. If tests succeed, a pull request is raised for review and merge. This process uses AWS services such as EC2 for compute, S3 for storage, KMS for encryption, IAM roles for permissions, and Secrets Manager for secure token management, along with GitHub for source code hosting, enabling secure and automated SBOM generation and vulnerability remediation.