MaterialCentral is an end-to-end security scanning, management and prioritization platform developed by TekFive. It supports multiple types of scans, including Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), SSL, Secret Detection, Misconfiguration, Accessibility, and Usability Scans.
If you are interested in learning more about this solution, please contact us at materialcentral@tekfive.com.
MaterialCentral Top Features

Open-Source & Proprietary Scanner Integration
MaterialCentral offers built-in compatibility with a variety of scanners, such as Trivy, Grype, Syft, DependencyCheck, ZAP, Lighthouse, TruffleHog, Pa11y, Nikto, SQLmap, SSLscan, and OpenSCAP. Beyond these supported scanners, MaterialCentral features a modular analyzer framework that enables straightforward integration of additional scanners into the platform.

Enhanced Supply Chain Security
MaterialCentral delivers a robust set of features to bolster your supply chain security. It records and indexes all materials (such as libraries, packages, and more) from scanned container images and source code repositories, making this data readily available through the Material Search functionality. This feature enables you to quickly identify which applications and dependencies rely on specific components, while also allowing you to export a Software Bill of Materials (SBOM) from these sources for seamless integration with other systems.

Jira Integration
MaterialCentral can create and synchronize Jira issues based upon findings from scans. When previously discovered findings are no longer present in the latest scan, MaterialCentral will automatically close the issue with details about the latest scan. Each application scanned by MaterialCentral can be configured with its Jira project key so that new issues created by MaterialCentral show up in the correct project and backlog.

Detailed Reporting
MaterialCentral provides numerous reports, which can be viewed within the web application or scheduled to be delivered via email as a PDF. Some of the reports included are: Stale Container Report, Scan Activity, Findings, Overdue Findings, Stale Materials, Nexus Synchronization, Jira Synchronization, and Risky Vulnerabilities.

Vulnerability Priority Management
Organizations are overwhelmed by the number of vulnerabilities reported on their software. Vulnerability severity is an important prioritization metric but isn't always an indicator of which vulnerabilities are at the greatest risk of being exploited. MaterialCentral provides a number of metrics in addition to severity that organizations can pick and choose from in order to establish their risk and priority profile, including the Exploit Prediction Scoring System and the CISA Known Exploited Vulnerabilities Catalog.

Scheduled & Continual Scanning
MaterialCentral provides a number of scanning tools to ensure the quality of your application before updates are published to live environments. New vulnerabilities that did not show up in the initial scan will often be discovered after an application update is released. It's important to continually scan your application after go-live to be notified when these vulnerabilities are revealed. All scans within MaterialCentral can be scheduled to execute automatically on a recurring basis.

Real-Time Alerts & Notification
When new vulnerabilities are published and discovered in your applications, it can be important that stakeholders are made aware of this as soon as possible. MaterialCentral can be configured to send out alerts of new vulnerabilities that meet a certain threshold to both email and a Slack channel.

API
MaterialCentral provides a full-featured REST-based API that can be used to systematically access all its functionality. This allows MaterialCentral to easily be integrated with your CI/CD pipeline or other systems of interest.

Scan Results
MaterialCentral provides a consistent and unified results view of all the supported scan types. The results of a scan can easily be exported as a PDF or Excel spreadsheet for use with other systems.

Vulnerability Prioritization
MaterialCentral provides a number of metrics to order and prioritize vulnerability remediation, including CVSS Score & Severity, EPSS Score, Analyzer Confidence, and Known Exploited Vulnerability.

CVSS Calculator
MaterialCentral provides an intuitive CVSS calculator for Common Vulnerability Scoring System 2 and 3 vectors to perform environmental and temporal scoring on a Software Composition Analysis finding. This calculator can be used to override the base score for vulnerabilities to make the severity rating more accurate in the current environment.

Materials Search
Materials (artifacts and/or libraries) identified in container images from Software Composition Analysis scans can be searched within the MaterialCentral web interface to quickly identify which containers or code repositories have dependencies on certain packages or libraries.

Stale Container Report
A report that shows container repository findings based upon detailed search criteria.

DOM Based Web Spider
MaterialCentral uses a custom Document Object Model (DOM) based web spider for all Dynamic Application Security Testing and usability-based scans. This spider works on Single Page Applications where all browser content is generated on the client side as well as more traditional server-side generated applications.

Risky Vulnerabilities Report
This report details all active vulnerabilities that have an Exploit Prediction Scoring System score of 50% or more and a CVSS severity of Medium or higher. This report also includes details from CISA’s Known Exploited Vulnerabilities catalog.
