ASPM (Application Security Posture Management)
What is ASPM (Application Security Posture Management)?
A consolidation layer above SAST/DAST/SCA/secrets/IaC scanners that normalizes findings, ties them to application context, deduplicates, prioritizes by reachability and exploitability, and tracks remediation across teams.
Application Security Posture Management (ASPM) is a category that crystallized in 2023–2024 as the natural successor to point AppSec tools. A typical enterprise runs SAST, DAST, IAST, SCA, container scanning, IaC scanning, secret scanning, and pen-test platforms — each generating findings in different formats with different severity scales and different false-positive rates. ASPM platforms ingest those signals, correlate them with code-ownership (CODEOWNERS, repos, services), runtime context (which repos actually ship to production, which dependencies are reachable), and business risk, then produce a unified, deduplicated, prioritized list per team. Many ASPM products also orchestrate scanners (running the right tool at the right gate) and feed back to ticketing (Jira, Linear). The category overlaps with CNAPP and the broader 'unified security platform' trend; analysts and vendors (Snyk, Apiiro, Cycode, Checkmarx One, Legit Security, OX Security, ArmorCode) treat ASPM as the AppSec-side equivalent of CSPM/CNAPP for cloud configuration.
● Examples
- 01
An ASPM dashboard shows that of 10,000 raw SCA findings, 23 affect dependencies actually loaded at runtime in internet-facing services and lack a vendor VEX statement.
- 02
Code-owner-aware routing automatically assigns Snyk + Checkov + Semgrep findings to the right team's Jira board with consistent severity labels.
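As an added example (not the page's own code, nor any vendor's), here is a minimal Python model of the pipeline the description and examples above outline: findings from three differently shaped scanner outputs are normalized onto one severity scale, deduplicated, scored by VEX status, runtime reachability and internet exposure, and routed to the owning team's board. All scanner records, repos, package names, rule IDs and team names are constructed placeholders.

```python
from collections import defaultdict
# Constructed scanner findings (not real data): each tool has its own field names and severity scale.
RAW_FINDINGS = [
    {"tool": "sca", "repo": "payments-api", "id": "VULN-LODASH-PROTO", "package": "lodash@4.17.20", "severity": "high"},
    {"tool": "sca", "repo": "payments-api", "id": "VULN-LODASH-PROTO", "package": "lodash@4.17.20", "severity": "high"},  # rescan duplicate
    {"tool": "sca", "repo": "internal-reports", "id": "VULN-LODASH-PROTO", "package": "lodash@4.17.20", "severity": "high"},
    {"tool": "sast", "repo": "payments-api", "rule": "sqli-string-concat", "file": "src/db.py:42", "level": 9},
    {"tool": "iac", "repo": "infra", "check": "S3_PUBLIC_READ", "file": "main.tf", "result": "FAILED"},
]
APP_CONTEXT = {  # constructed application context: code owner, exposure, packages actually loaded at runtime
    "payments-api": {"owner": "team-payments", "internet_facing": True, "loaded": {"lodash@4.17.20"}},
    "internal-reports": {"owner": "team-data", "internet_facing": False, "loaded": set()},
    "infra": {"owner": "team-platform", "internet_facing": True, "loaded": set()},
}
VEX_NOT_AFFECTED = {("internal-reports", "VULN-LODASH-PROTO")}  # vendor VEX: this repo is not affected
SCA_SCALE = {"critical": 9.5, "high": 8.0, "medium": 5.0, "low": 2.0}  # map the SCA tool's labels to 0-10
def normalize(f):
    """Map each scanner's schema onto one record with severity on a common 0-10 scale."""
    if f["tool"] == "sca":
        return {"tool": "sca", "repo": f["repo"], "rule": f["id"], "location": f["package"], "severity": SCA_SCALE[f["severity"]]}
    if f["tool"] == "sast":
        return {"tool": "sast", "repo": f["repo"], "rule": f["rule"], "location": f["file"], "severity": float(f["level"])}
    if f["tool"] == "iac":
        return {"tool": "iac", "repo": f["repo"], "rule": f["check"], "location": f["file"], "severity": 6.0 if f["result"] == "FAILED" else 0.0}
    raise ValueError(f"unknown tool {f['tool']}")

def dedupe(records):
    """Collapse repeated reports of the same rule at the same location in the same repo."""
    unique = {}
    for r in records:
        unique.setdefault((r["repo"], r["rule"], r["location"]), r)
    return list(unique.values())

def prioritize(r):
    """Adjust base severity by VEX status, runtime reachability and exposure; returns (score, reasons)."""
    ctx = APP_CONTEXT[r["repo"]]
    if (r["repo"], r["rule"]) in VEX_NOT_AFFECTED:
        return 0.0, ["vex:not_affected"]  # suppressed outright, not merely deprioritized
    score, reasons = r["severity"], []
    if r["tool"] == "sca" and r["location"] not in ctx["loaded"]:
        score, reasons = score * 0.3, ["not_loaded_at_runtime"]  # kept, but far down the list
    if ctx["internet_facing"]:
        score, reasons = min(10.0, score + 1.0), reasons + ["internet_facing"]
    return round(score, 1), reasons

def triage(raw):
    """normalize -> dedupe -> score -> route to the owning team's board, highest score first."""
    boards = defaultdict(list)
    for r in dedupe(normalize(f) for f in raw):
        score, reasons = prioritize(r)
        if score > 0:
            boards[APP_CONTEXT[r["repo"]]["owner"]].append({**r, "score": score, "reasons": reasons})
    return {team: sorted(items, key=lambda i: -i["score"]) for team, items in boards.items()}
```

A real platform would pull `APP_CONTEXT` from CODEOWNERS, deployment inventory and runtime package telemetry rather than a literal, and would read VEX documents instead of a hard-coded set.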
● FAQ
What is ASPM (Application Security Posture Management)?
A consolidation layer above SAST/DAST/SCA/secrets/IaC scanners that normalizes findings, ties them to application context, deduplicates, prioritizes by reachability and exploitability, and tracks remediation across teams. It belongs to the Cloud Security category of cybersecurity.
How do you defend against ASPM (Application Security Posture Management)?
Defending against ASPM (Application Security Posture Management) typically combines technical controls and operational practices, as described in the definition above.
What are other names for ASPM (Application Security Posture Management)?
Common aliases: Application Security Posture Management, AppSec consolidation platform.
● Related terms
- cloud-security № 214
CNAPP (Cloud-Native Application Protection Platform)
An integrated platform that combines CSPM, CWPP, CIEM, IaC scanning, and runtime detection to protect cloud-native applications end to end, from build through runtime.
- appsec № 1081
SAST (Static Application Security Testing)
A technique that automatically analyzes source code, bytecode, or binaries without executing them, detecting security defects such as injection, unsafe APIs, and weak cryptography.
- appsec № 302
DAST (Dynamic Application Security Testing)
Black-box security testing performed by accessing a running application over the network, detecting vulnerabilities that only appear at runtime.
- appsec № 1082
SCA (Software Composition Analysis)
A technique that automatically analyzes the open-source and third-party components an application uses, surfacing known vulnerabilities, license issues, and outdated or dangerous dependencies.
- appsec № 512
Hard-coded secrets in code
The state in which credentials, API keys, tokens, and cryptographic key material are embedded directly in source code, configuration files, or container images, where they are easily discovered and abused.
- cloud-security № 593
Infrastructure-as-Code (IaC) Security
The discipline of scanning, policy-checking, and securing IaC templates (Terraform, OpenTofu, Pulumi, CloudFormation, Helm, Kubernetes manifests) before they provision misconfigured cloud resources.