For embedded system software development

Integrated Solutions

From project management to design and verification for international standards compliance!

Deep SCA with reduced false positives through component/file/function 3-layer matching and patented pattern & signature analysis

Labrador SCA

An automated Software Composition Analysis (SCA) solution that analyzes source code, binaries, and containers to accurately identify and manage open-source vulnerabilities and license risks

#SCA #DeepSCA #3LayerMatching #PatternMatching #OSS #SBOM #SupplyChainSecurity #Compliance #AIValidation

Labrador SCA is a software composition analysis solution that automatically analyzes and manages open-source vulnerabilities and license risks across source code, binaries, and containers. With patented 3-layer analysis and AI validation, it enables highly precise vulnerability detection, supports SBOM generation aligned with international standards, and provides policy-based vulnerability management—strengthening software supply chain security and compliance readiness.

Key Features

1. Precise 3-layer matching analysis
Provide comprehensive results without omissions by precisely identifying open-source components through 3-layer analysis at component, file, and function levels.

2. Patented code signature analysis
Enable accurate identification even in obfuscated or modified code by applying patented code pattern and function signature analysis techniques.

3. Detection even when licenses are altered or removed
Reliably identify open-source licenses even when license comments are deleted or code is tampered with.

4. Low false positives with clear evidence
Support security decision-making by providing detection results that minimize false positives, along with clear evidence for vulnerability and license determinations.

5. Full support for on-premise and air-gapped environments
Operate reliably even in on-premise and air-gapped environments without external network access, ideal for organizations with strict security requirements.

Key Capabilities

1. Open-source license identification and conflict detection
• Automatically identify open-source licenses in use and proactively detect conflicting license risks within projects

2. Vulnerable component version identification and replacement guidance
• Accurately identify vulnerable component versions and provide safe replacement versions and response guidance

3. Project- and product-level SBOM generation
• Automatically generate SBOMs by project or product to systematize supply chain security and regulatory readiness

4. Policy-based approvals/blocks and exception management
• When building IVAS, approve or block open-source usage based on organizational policies and centrally manage exceptions

Industries

Use Cases

1. Automotive
• Precisely identify unauthorized open source by matching source and third-party modules via 3-layer component/file/function analysis
• Block prohibited licenses and potential conflicts early at the build stage
• Generate release-level SBOMs and reports to respond to OEM supply-chain audits

2. Aerospace & Defense
• Perform deep SCA based on patterns and signatures in air-gapped environments for stable operation even on defense networks
• Provide evidence-based identification even when license comments are deleted or code is modified
• Generate configuration-level reports for compliance with weapon system software development and management manuals

3. Financial Services
• Trace internal frameworks and external libraries down to the function level to guide license obligations
• Block prohibited/high-risk licenses by policy and suggest alternatives
• Accumulate scan results and remediation history as audit evidence

4. Semiconductor
• Precisely match open source embedded in design-support tools and firmware using 3-layer analysis
• Reduce reuse risk by verifying inclusion of third-party IP and SDKs

5. Healthcare
• Trace third-party code in medical software down to the function level to guide license obligations
• Support audit-ready documentation by leaving evidence of external module sources in reports
• Operate stably even in strictly regulated environments through air-gapped deployment

6. Government & Public Sector
• Prevent unauthorized use by precisely matching open source in public portals and internal business systems
• Block prohibited licenses and conflicts by policy and record remediation actions
• Use result reports as supporting evidence for reviews and audits

Key Clients

Software & IT Services
  • Samsung Electronics (삼성전자)
Government & Public Sector
  • Korea Electronics Technology Institute (전자부품연구원)
