METERIAN LTD

Meterian Application Security Platform

Meterian security suite for enterprise applications continuously protects against vulnerabilities in open source components, stability and licensing risks, while validating the underlying digital infrastructure. Thanks to its unique ingestion algorithms, Meterian ensures unparalleled coverage and precision.

Features

• Software Composition Analysis for codebases and containers
• Static code analysis for Infrastructure-as-code
• Pipeline scanning integration on all major cloud platforms
• Scanning integration in IDEs for early problem identification
• Integrated automated alert notifications for vulnerabilities
• Clear reports with remediation paths and logical scoring system
• Auto remediation to replace vulnerable or problematic components
• Integrated policies to protect against intellectual property risks
• Automated generation of Software Bill Of Materials (SBOM)
• Fully open programmable APIs for painless integrations

Benefits

• Reduction of security and intellectual property risks
• Automated inventory of the complete opensource components estate
• Rapid identification and localisation of dangerous components
• Coherent, continuous and clear measurement of risks across the organisation
• Easy and efficient information gathering for streamlined decision-making
• Reporting that provides value to all stakeholders

£9,000 to £65,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@meterian.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

360432248128186

Contact

Vivian Dufour
02071124879
hello@meterian.io

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Meterian is a Cloud service that does not require the installation of hardware. Maintenance windows are advised in advance to users. Please note that requirements for installation on private cloud vary based on the nature of the cloud system used. ; Supported integrations are detailed in the service definition document, further information can be found at https://docs.meterian.io
• System requirements:
  • HTML5 browser: Safari(Latest), Chrome(Latest), Firefox(latest), IE 11
  • Supported languages: Java, Javascript, .NET, Scala, Ruby, Perl, PHP, Python
  • Also: NodeJS, Golang, Android/Kotlin, Swift/Objective-C, Elixir, Rust, C/C++, Clojure
  • IDE Support for Visual Studio
  • Java8 when not using Dockerized client
  • Docker when not using the Java thin client
  • *.meterian.com, *.meterian.io, whitelisting e.g. https://api.meterian.com

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard/Advanced support: Monday to Friday 09:00 - 18:00 (8x5), except UK (England) Bank Holidays.; Premium Support: 4 hours a day, and 7 days a week (24x7); ; For further details please see the relevant section in the service definition document.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Chat is available via a custom Slack channels that are created and dedicated to the customer. The channel is monitored by L3 support engineers. The user can ask any question related to the service and report any issue they are experiencing.
• Web chat accessibility testing: Please refer to the Slack documentation at slack.com
• Onsite support: Yes, at extra cost
• Support levels: Standard: email (8x5); P1 24 W/H, P2 5 W/D. P3 30 W/D, P4 NEXR; Advanced: email (8x5), chat (8x5) ; P1 8 W/H, P2 24 W/H. P3 5 W/D, P4 30 W/D; Premium: email (24x7), chat (24x5) ; P1 4 W/H, P2 8 W/H. P3 24 W/H, P4 5 W/D; ; Please see the Pricing Document for pricing. Technical support (L3) is available at extra cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: An onboarding interactive session is included in the price of the subscription which covers the first successful scan and, if requested, the first successful integration; All the documentation is available online at https://docs.meterian.io; The support channels are available to provide help.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: API can be used directly to extract at any point in time all user data. A request can be filed to support in order to obtain all user data in standard JSON format.
• End-of-contract process: Except for anonymised statistical data, Meterian shall destroy within sixty (60) days all users data, such as (but not limited to) reports, users, policies, tokens.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface to access all dashboards is responsive and provides a usable interface on mobile devices. The experience may be limited due to the screen size and other characteristic of the device used.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: In order to use the API, users need to generate an authorisation token. Users can use API to invoke the various function of the system. All the functions of the systems are exposed via APIs, resources are exposed in general with a RESTful interface. Users, based on their permission, can read, write and manage resource via API. Bindings for Python are availabe. A fair usage policy applies.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Designated admins have the ability to customise the way the engine works, in terms of thresholds, policies and algorithms. ; A range of possibilities is available in determining permissions for users. The login experience can be customised to support different access mechanisms. Additional customisations may be considered on request.

Scaling

• Independence of resources: The Meterian Platform automatically scales down comsumption when under excessive load, some compoment can scale automatically. Dedicated instances can be provided when absolute control is required.

Analytics

• Service usage metrics: Yes
• Metrics types: Historical analysis scores, vulnerable/outdated/wrongly-licensed components and affected projects/locations, resource consumption for the account/team.; All metrics data can be fed via API to other system (i.e. datadog), sample integrations are available.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in JSON format via API, specific exports are available (i.e. SBOM in CycloneDX format), and a set of reports can also be produced.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: SSH (current)

Availability and resilience

• Guaranteed availability: Meterian guarantees the availability of the Platform at or above ninety-nine percent (99%) during any calendar month,with the exclusion of (1) any planned maintenance and support, not to exceed 8 hours per calendar month, which shall generally occur on average twice per calendar month during maintenance windows between the hours of 5AM GMT and 7AM GMT; (2) planned maintenance on non-business days for which Meterian will provide notice at least 24 hours in advance; (3) any event of Force Majeure
• Approach to resilience: This information is available upon request with a mutual non-disclosure agreement.
• Outage reporting: Any outages are reported via the public Meterian Status dashboard, in case of severe incidentes email notifications are sent to the affected customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: MFA is available as an add-on
• Access restrictions in management interfaces and support channels: This is defined within the Meterian Information Security Pack which is available under mutual non-disclosure agreement.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CyberEssentials
• Information security policies and processes: These can be made available by Meterian Information Security Pack under mutual non-disclosure agreement.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: This is defined inside the Meterian information security pack, which is available under mutual non-disclosure agreement.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This is defined within the Meterian Information Security Pack which is available under mutual non-disclosure agreement.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is defined within the Meterian Information Security Pack which is available under mutual non-disclosure agreement.
• Incident management type: Supplier-defined controls
• Incident management approach: This is defined within the Meterian Information Security Pack which is available under mutual non-disclosure agreement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We will support economic growth by creating jobs and skills in the technology sector and help our customers maintain a resilient software supply chain.; ; We will tackle inequality by improving gender diversity,; raising awareness of wider diversity, equity and inclusion issues and benchmarking our diversity beyond gender.

  Wellbeing

  We will invest in wellbeing by providing employee benefits and ways of working that support the physical and mental well-being of our people.

Pricing

• Price: £9,000 to £65,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer 14 day free trials of Enterprise plans, subject to the Buyer disclosing objectives or success factors for the trial, disclosing account email ID, and providing trial feedback. Enterprise features must be enabled by Meterian after Buyer signs up.
• Link to free trial: https://www.meterian.io/dashboard/?action=signup

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@meterian.io. Tell them what format you need. It will help if you say what assistive technology you use.