The average application consists of 106 open source components.


A typical application contains 23 known vulnerabilities.


Most applications indicate at least 8 GPL licensed components.


Many components in use are old, unsupported, and unpopular.

“Zero tolerance for risk is why some customers require us to provide proof that our applications do not contain hidden security or licensing vulnerabilities.  By partnering with Sonatype, we’re able to provide our customers with a detailed Software Bill of Materials validating that VMTurbo applications consist of only the highest quality open source components.”

- Sylvia Isler, Chief Architect at VMTurbo

Three steps to a Software Bill of Materials:

  1. Download Nexus Vulnerability Scanner
  2. Open the Nexus Vulnerability Scanner and select an application to examine
  3. Review Scan Report (see sample here)

Please Note: When running AHC you can examine a sample application, or you can examine your own application.  Examining your own application does not expose your source and binary code in any way.

AHC Zoom3 copy.png