Open source software provides companies with a competitive edge but when used incorrectly, it can lead to risks in the software supply chain. Today’s modern software applications simply would not exist, or be as powerful, without the use of open source software (OSS). Developers design open source software with source code that is accessible for anyone to use, modify, and learn from, and they release the code with specific licensing rights.

The new Black Duck SCA release offers enhancements to help organizations to better understand the potential risks in their software supply chain. Black Duck® software composition analysis (SCA) started the new year off strong and got a running start on its resolution to better help teams secure their software supply chain at the speed of modern software development. Let’s look at some of the highlights of the 2023.1.0 release.

Open source security tools are no longer experimental or only used by hobbyists. They protect some of the largest global enterprises and critical digital infrastructure. This evolution occurred more rapidly than anyone imagined or predicted.

With an understanding of what open source licenses are and their benefits, it’s also useful to know what are the main categories of these licenses, the different types, and their requirements. It’s quite an array, which can be overwhelming, but with this knowledge, you can make more informed choices about what software and what licenses are right for your purposes.

The first post of this series on the software-related risks organizations are facing looked at vulnerabilities introduced in development. In this post we look at the risks of open source vulnerabilities. Organizations are increasingly dependent on third-party software, including open source code, but current tools provide limited visibility and require a lot of manual work.

We love open-source software (OSS). Not only does it save time and effort, but it’s also incredibly rewarding to collaborate with other developers on major projects. Plus, it opens the door for innovation that otherwise wouldn’t be possible at this scale. However, with code comes responsibility, and so it’s imperative to understand the risk OSS libraries carry when we’re integrating them into projects.

Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.

In August 2021 we launched Kubescape with a mission to make Kubernetes security open source, simple, and available for everyone, even non-security engineers. Since then we have been working on adding new capabilities to Kubescape, while building a strong community around it. The recent acceptance of Kubescape by the CNCF, as a sandbox project, is another important milestone for ARMO’s open-source journey with Kubescape.