IT Brief UK - Technology news for CIOs & IT decision-makers

Lineaje launches AI-powered self-healing for software security

Today

Lineaje has announced new end-to-end capabilities aimed at improving software supply chain security for organisations.

The new offerings include agentic AI-powered self-healing for open-source software, source code, and containers, alongside Gold Open Source Packages, Gold Open Source Images, and a software risk analysis engine called SCA360.

Lineaje's AI Labs research indicates that 90% of modern applications incorporate open-source packages, while 95% of vulnerabilities in applications originate from these dependencies. This creates difficulties for developers, as development, security, and operations (DevSecOps) teams must address rapidly shifting prioritised risks, often leading to high vulnerability backlogs and resource pressure.

According to the Enterprise Strategy Group, 91% of organisations experienced software supply chain incidents in the previous 12 months, leading to significant operational impacts.

The company's new solutions aim to mitigate these issues by combining agentic AI, Gold Open Source, and SCA360 scanning technology to eliminate software supply chain vulnerabilities and streamline workflows for development and security teams.

The agentic AI functionality enables automatic detection and remediation of security risks within codebases and container environments. These AI agents can compare software versions, generate reports, and analyse compatibility at scale.

With these capabilities, thousands of containers and hundreds of repositories are monitored and updated autonomously, reducing the direct burden on developers. The system scans code for security issues, including Common Vulnerabilities and Exposures (CVEs), identifies compatible updates, and can apply fixes automatically upon approval.

Application-aware, self-healing secure containers further allow vulnerabilities to be identified and patched across multiple layers. New container clones are generated automatically and are intended to be compatible and secure prior to deployment, enabling remediation as part of the build and deployment pipeline.

Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group, commented, "As developers increasingly utilise third-party and open-source software to save time as they develop their applications, security teams face challenges with software supply chain security. And the complexity of the software supply chain will continue to grow as developers utilise AI to further increase their productivity."

"It is exciting to see Lineaje apply agentic AI to automatically scan and remediate vulnerabilities in open-source software, source code, and containers to help organisations manage software supply chain risk, as this technology holds the promise of creating self-healing systems to alleviate security teams from the challenges of supporting rapidly scaling software development."

The Gold Open Source programme allows organisations to access pre-attested, vulnerability-free open-source packages and images, with each package offering full transparency through more than 100 tracked attributes, such as vulnerabilities, licences, and code quality. The offering includes over 3 million Gold Packages and 2,000 Gold Images used in enterprise environments. These catalogues are updated and monitored by Lineaje's AI capabilities, which now track more than 408 billion security data points.

For customised needs, developers can generate bespoke Gold Images by specifying public container images, which are then hardened and added to client subscriptions.

Premium Gold Open Source functionality addresses security risks associated with abandoned or incompatible open-source packages. According to Lineaje AI Labs data, more than half of all open-source packages are abandoned, leaving potential vulnerabilities exposed in these widely used components.

SCA360, a contextual risk analysis engine newly introduced by Lineaje, unifies software analysis for source code, repositories and containers. It operates within an organisation's security perimeter, offering scanning without moving critical data outside corporate boundaries. The tool includes a dependency and reachability scanner, static code analysis, and a malware scanner that detects embedded malicious code or tampered packages.

Pippin Wallace, Senior Security Engineer at Favor Delivery, said, "As a food delivery service, our entire business model rests upon the success of our software. A faulty component or vulnerability could potentially disrupt thousands of deliveries daily, impacting our revenue, customer satisfaction, reputation with partners, which could impact our employees and customers."

"We required a solution to proactively address these risks and protect our business. Lineaje's SCA360 helps us manage security risks by scanning all software in our delivery platform, ensuring that everything can stay secure. It helps our developers focus on serving up more value to our partners and end users by fixing issues before they become bigger threats."

Lineaje states that its solutions can integrate with other corporate tools to allow for full-lifecycle software supply chain security and simplified management across the development pipeline, including the new capabilities for self-healing systems and automated risk reduction.

Javed Hasan, co-founder and CEO of Lineaje, said, "Full-lifecycle software supply chain security capabilities enable organisations to deliver transparently secure software. Our new Agentic AI capability in Lineaje AI, combined with Gold Open Source and SCA360, enables organisations to eliminate software supply chain risks while dramatically reducing developer, DevOps, and DevSecOps overhead and chaos created by existing AppSec tools."
