Abstract: A security analysis of software includes analyzing security risks at each level of the hierarchy of the software and aggregating identified risks within the hierarchy levels. Weights applied during aggregation assist in homogenizing risk scores originating from different types of identified security risks and provide for the ability to communicate a meaningful risk score at each level of the hierarchy.
Abstract: A governance engine is provided that receives changes identified in dependencies in an enterprise and compares those changes to rule triggers, executing an output of a rule if a trigger is implicated. Related agents may examine the identified changes for new, potentially vulnerable or otherwise disallowed dependencies.
Abstract: An analysis of software stored and executing on one or more assets in an enterprise includes determining a hierarchy of nodes in the software and among the assets and analyzing dependencies among those nodes and assets through a static analysis of the software as it is stored as well as through a dynamic analysis of the software as it executes.
Abstract: A method and system for architecture analysis on IT assets of an enterprise are provided. Asset information of an enterprise is received. The asset information is associated with information of a plurality of Information Technology (IT) assets utilized in the enterprise. Interdependency of IT assets among the plurality of IT assets is determined. The interdependency is determined based, at least in part, on similarity of one or more lines of code of the plurality of IT assets. A dependency map of the plurality of IT assets is determined based on the interdependency of IT assets among the plurality of IT assets.