Open Source

Monthly JFrog Xray Demo

Jun 14, 2022 By JFrog In JFrog

William Manning, JFrog Solutions Engineering Manager, hosts "Monthly JFrog Xray Demo." See how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.

View Video

JFrog

Read more about Monthly JFrog Xray Demo

How to Find the Best Open Source Packages

Jun 14, 2022 By Snyk In Snyk

When choosing open source packages for your projects it can be cumbersome and overwhelming. You need to evaluate them to make sure they fit your needs while also being well supported. Learn about some best practices when evaluating open source software and walk away with a free tool that can speed up this process for you.

View Video

Snyk

Read more about How to Find the Best Open Source Packages

What is a Dependency Firewall? What, Why and How?

Jun 13, 2022 By Daniel Parmenvik In Bytesafe

In recent years more open source vulnerabilities have been discovered than ever before. This is all part of the natural evolution; it’s what we expect to see as the amount of open source usage grows within organizations. But there’s something that we missed in this equation: while identifying vulnerabilities, organizations haven’t found a way to block unwanted dependencies, which made them vulnerable to attacks like never before.

Read Post

Bytesafe

Read more about What is a Dependency Firewall? What, Why and How?

Mend Explainer

May 25, 2022 By Mend In Mend

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.

View Video

Mend

Read more about Mend Explainer

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 By Lori Lorusso and Stephen Chin In JFrog

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same.

Read Post

JFrog

Read more about Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

JFrog & Industry Leaders Join White House Summit on Open Source Software Security

May 18, 2022 By Stephen Chin In JFrog

There’s no question the volume, sophistication and severity of software supply chain attacks has increased in the last year. In recent months the JFrog Security Research team tracked nearly 20 different open source software supply chain attacks – two of which were zero day threats.

Read Post

JFrog

Read more about JFrog & Industry Leaders Join White House Summit on Open Source Software Security

A Look Back at the Executive Order on Cybersecurity

May 12, 2022 By Hope Goslin In Veracode

It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software bill of materials for the open-source libraries in use so that known vulnerabilities are disclosed and able to be tracked in the future, among other things.

Read Post

Veracode

Read more about A Look Back at the Executive Order on Cybersecurity

Black Duck Open Source Audits: Working through licensing issues like a pro

May 11, 2022 By Phil Odence In Synopsys

It’s critical to have the right people and approach when it comes to understanding and resolving licensing issues in open source audits. Many of our regular Black Duck Audit customers have well-honed processes that kick in after we deliver reports. We’ve gleaned some ideas and approaches from working with these clients and the biggest pro tip? You need a pro, i.e., make sure you have an open source-savvy attorney involved.

Read Post

Synopsys

Read more about Black Duck Open Source Audits: Working through licensing issues like a pro

CyRC Vulnerability Advisory: Reflected cross-site scripting in Black Duck Hub

May 9, 2022 By Ben Ronallo In Synopsys

CVE-2022-30278 is a reflected cross-site scripting (XSS) vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: Reflected cross-site scripting in Black Duck Hub

Choosing Open Source Libraries

Apr 27, 2022 By Snyk In Snyk

In this quick video, Brian Clark talks through best practices when choosing open source libraries and shows how to accelerate your OSS evaluations. Chapters: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video