Final Thesis: Enhancing the Security of SCA Tool through the Implementation of Technical and Organisational Safeguards

Abstract: This work focuses on holistically increasing security in the Software Composition Analysis (SCA) tool through the practical implementation of technical and organizational measures. Building on a previous security audit, weaknesses in organizational processes and technical components are addressed, further risks are investigated, and countermeasures are designed. The security mechanisms were developed on the basis of uniform and standardized requirements. Taking into account the applicable requirements, a wide range of security-related measures was implemented, covering various sub-areas of the SCA tool. The front end was expanded to include fine-grained control over permitted resources and communication channels. Identity management was supplemented with Multi-Factor Authentication (MFA) for the security of user profiles, and a security-conscious configuration for the lifecycle of a session was introduced. In addition to the technical measures, reporting for security-related events was integrated, on the basis of which countermeasures can be initiated immediately. To prevent the possibility of bypasses, care was taken to ensure that each measure is consistently enforced at all architectural levels of the SCA tool. Overall, the results of this work lead to a robust and maintainable security architecture that specifically supports future extensions of the SCA tool.

Keywords: SCA Tool, Security

PDF: Master Thesis

Reference: Richard Heinz. Enhancing the Security of SCA Tool through the Implementation of Technical and Organisational Safeguards. Master Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2025.
