Shutup, Dependency Track! Silencing false positives locally with AST and AI
Modern software is assembled, not just written: nearly 90% of a typical application consists of third-party libraries. If a critical vulnerability like Log4Shell were disclosed tomorrow, how long would it take your team to identify every affected microservice?
In this session, we will explore how to democratize Software Supply Chain Security (SSCS) by building an automated defense perimeter at zero licensing cost. Through a Live Demo featuring a Docker-based prototype, we will show how this practical architecture unites AST analysis, local LLMs, and automated VEX generation.
We will go beyond basic scanning by demonstrating how to leverage Artificial Intelligence for code reachability analysis and generate VEX (Vulnerability Exploitability eXchange) files to silence false positives and focus only on actionable risks. We will also discuss how this stack prepares organizations for the upcoming requirements of the EU Cyber Resilience Act (CRA).
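The reachability-to-VEX step the abstract describes, as an added example (not the session's prototype): a Python AST pass checks whether the flagged function of a dependency is ever called, and the result is written as a CycloneDX VEX entry of the kind Dependency-Track imports, with `not_affected` / `code_not_reachable` when no call site exists. The package name `vulnlib`, the vulnerability id and the application source are constructed placeholders.

```python
import ast
import json

# Constructed sample: the app imports the affected library but never calls
# the vulnerable entry point, so Dependency-Track's finding is noise.
APP_SOURCE = """
import vulnlib
from vulnlib import safe_parse as parse

def handler(data):
    return parse(data)  # safe_parse, not the flagged vulnlib.load
"""

def referenced_functions(source, package):
    """Names of `package` functions the source actually calls, covering
    `import package` / `package.f()` and `from package import f as g` / `g()`."""
    tree = ast.parse(source)
    module_names, aliases = set(), {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            module_names |= {a.asname or a.name for a in node.names if a.name == package}
        elif isinstance(node, ast.ImportFrom) and node.module == package:
            aliases.update({a.asname or a.name: a.name for a in node.names})
    called = set()
    for node in ast.walk(tree):
        f = node.func if isinstance(node, ast.Call) else None
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) \
                and f.value.id in module_names:
            called.add(f.attr)
        elif isinstance(f, ast.Name) and f.id in aliases:
            called.add(aliases[f.id])
    return called

def build_vex(vuln_id, purl, package, vulnerable_function, source):
    """CycloneDX VEX entry: not_affected/code_not_reachable when the AST scan
    finds no call to the vulnerable function, otherwise left in_triage."""
    reachable = vulnerable_function in referenced_functions(source, package)
    analysis = {"state": "in_triage"} if reachable else {
        "state": "not_affected",
        "justification": "code_not_reachable",
        "detail": f"AST scan found no call to {package}.{vulnerable_function}",
    }
    return {"bomFormat": "CycloneDX", "specVersion": "1.4",
            "vulnerabilities": [{"id": vuln_id, "analysis": analysis,
                                 "affects": [{"ref": purl}]}]}

if __name__ == "__main__":  # placeholder ids: no real vulnerability implied
    print(json.dumps(build_vex("VULN-PLACEHOLDER-0001", "pkg:pypi/vulnlib@1.0.0",
                               "vulnlib", "load", APP_SOURCE), indent=2))
```

A call-graph or LLM-assisted pass would replace the single-file AST walk for code that reaches the function indirectly; the VEX document shape stays the same.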
Maurizio Argoneto
AWS Hero | CTO/Solution Architect | Community Lead (AWS, GDG, PLUG) | Co-founder of 'Come To Code'
Pignola, Italy