%term

Curating Open source Libraries on JFrog Platform, part II.

May 3, 2023 By JFrog In JFrog

Software supply chain security has been the most widely discussed topic for anyone who is writing applications utilizing the majority of open-source or third-party libraries. This webinar will showcase JFrog Platform's abilities to curate and compose workflows to help isolate libraries that have vulnerabilities and promote libraries to repositories that can be safely used. This webinar will also demonstrate self-service curation workflows.

View Video

JFrog

Read more about Curating Open source Libraries on JFrog Platform, part II.

Hands-on guide: How to scan and block container images to mitigate SBOM attacks

Apr 18, 2023 By Chris Man In Tigera

According to OpenLogic’s Open Source Adoption and Expansion in 2022 Report, the adoption of Open Source Software (OSS) across all sizes of organizations is rising with 40% of respondents stating an increase of OSS software over the previous year and 36% reporting a significant increase in OSS software usage. The increase in OSS adoption can be attributed to a number of factors including access to the latest innovations, reduction in costs and frequent product updates.

Read Post

Tigera

Read more about Hands-on guide: How to scan and block container images to mitigate SBOM attacks

Deceptive 'Vibranced' npm Package Discovered Masquerading as Popular 'Colors' Package

Apr 17, 2023 By Tom Abai In Mend

A new malicious package has been detected on the Node Package Manager (npm) repository that poses a significant threat to users who may unknowingly install it. Named ‘Vibranced,’ the package has been carefully crafted to mimic the popular ‘colors’ package, which has over 20 million weekly downloads.

Read Post

Mend

Read more about Deceptive 'Vibranced' npm Package Discovered Masquerading as Popular 'Colors' Package

Navigating Open Source License Legal Risks: A Comprehensive Guide

Apr 13, 2023 By Daniel Parmenvik In Bytesafe

Open source software has revolutionized the software development landscape, providing cost-effective solutions and promoting collaboration among developers worldwide. However, the legal terms associated with open source licenses can be complex, and improper management of these licenses may lead to significant legal risks.

Read Post

Bytesafe

Read more about Navigating Open Source License Legal Risks: A Comprehensive Guide

Using Workflow Actions & OSINT for Threat Hunting in Splunk

Apr 3, 2023 By Ryan Kovar In Splunk

Picture yourself, a threat hunter using Splunk, and the words "workflow action" are uttered by your helpful security Splunker... Workflow actions make you a faster and more effective security analyst. They allow you to skip the laborious steps of logging into various websites to do your job and just get straight to business.

Read Post

Splunk

Read more about Using Workflow Actions & OSINT for Threat Hunting in Splunk

GitGuardian vs. Custom-Built Secrets Detection Tools

Mar 24, 2023 By Soujanya Ain In GitGuardian

DIY or open-source secrets detection can seem cost-effective and customizable initially... until you start hitting the first obstacles like scalability, developer experience (DX), or deep application security expertise. Read on to find out how GitGuardian can help you rise above these!

Read Post

GitGuardian

Read more about GitGuardian vs. Custom-Built Secrets Detection Tools

The rising trend of malicious packages in open source ecosystems

Mar 23, 2023 By Idan Digmi In Snyk

Since the beginning of 2023, Snyk has documented around 6800 malicious packages across PyPI and the npm registry, which requires little to no interaction, almost 860 of which were discovered by us.

Read Post

Snyk

Read more about The rising trend of malicious packages in open source ecosystems

New language-specific Snyk Top 10 for open source vulnerabilities

Mar 15, 2023 By Erin Cullen In Snyk

Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.

Read Post

Snyk

Read more about New language-specific Snyk Top 10 for open source vulnerabilities

How To Setup Velero Backups On EKS Using IAM Roles for Service Accounts (IRSA)

Mar 9, 2023 By MD Islam In CloudCasa

Velero is an open-source tool that allows you to backup and restore your Kubernetes cluster resources and persistent volumes. Velero backups support a number of different storage providers including AWS S3. The process of setting up Velero backup with S3 using AWS credentials has been documented by Velero here. However, at the time of this post, there is no official documentation on how to set up Velero using IRSA or IAM Roles for Service Accounts.

Read Post