New updates have been reported about NetRise.
NetRise has introduced NetRise Provenance, a new module within its software supply chain security platform that maps risk associated with open-source contributors and maintainers across enterprise software and connected devices. By enriching software bills of materials with contributor identity, advisory history, and dependency blast-radius analysis, the product is designed to give buyers, risk teams, and developers a direct view into how far malicious or high-risk maintainers’ code propagates across portfolios.
For enterprises that procure and operate software, Provenance provides previously unavailable visibility into project health, sanctions exposure, and regulatory considerations such as OFAC compliance, connecting who is behind a component to where it runs and how exploitable it is. For organizations that build and ship software, the product adds a policy engine that can automatically fail builds when dependencies cross defined risk thresholds, enabling CI systems to enforce contributor and provenance policies in real time.
The new capability is tightly integrated with NetRise’s binary-based software asset inventory, extending its existing strength in identifying components in firmware, kernels, containers, and applications to now include trust and identity context about maintainers and organizations. Executives gain incident-scoping tools through blast-radius and dependency analysis views, allowing security and compliance teams to determine in minutes where a compromised maintainer or project appears across products, services, and vendors.
CEO Thomas Pace framed the launch as a response to recent software supply chain incidents where attackers gained trust as maintainers before injecting malicious code into widely used packages, creating a discovery and response challenge for enterprises. CTO Michael Scott highlighted that Provenance is designed to answer, at scale and in near real time, the question of where a specific contributor’s code ultimately runs across an environment, including for binaries where traditional source-based tools lack visibility.
NetRise positions Provenance as a step toward a broader software trust platform that links code, people, and policy in one system of record for software buyers and builders. The product is available now as part of the NetRise Platform and accessible via API, CLI, and GitHub integration, targeting enterprises, software and device manufacturers, consultancies, and public sector organizations that need faster, more defensible decisions on software deployment, third-party risk, and regulatory reporting.

