Open Source

How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Dec 23, 2021 By Synopsys In Synopsys

Synopsys experts will demonstrate how to use Black Duck to quickly discover and remediate open source security vulnerabilities like Log4j. Black Duck Software Composition Analysis (SCA) not only helps you address open source risk, but enables you to stay ahead of the next zero-day open source vulnerability with robust scanning, detailed and actionable security information and continuous monitoring and alerting.

View Video

Synopsys

Read more about How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Snyk Open Source in 2021: A year of innovation

Dec 21, 2021 By Daniel Berman In Snyk

More than 90% of organizations rely on open source software, a reliance that introduces a significant amount of security and legal risk via either direct or transitive open source dependencies. To overcome this challenge, Software Composition Analysis (SCA) solutions are playing an increasingly important role in helping organizations successfully identify and mitigate potential security issues.

Read Post

Snyk

Read more about Snyk Open Source in 2021: A year of innovation

Arctic Wolf Releases Open Source Log4Shell Detection Script

Dec 17, 2021 By Arctic Wolf In Arctic Wolf

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Read Post

Arctic Wolf

Read more about Arctic Wolf Releases Open Source Log4Shell Detection Script

Snyk gives warning: update your Apache Log4j software immediately

Dec 14, 2021 By Snyk In Snyk

Last Friday, a critical vulnerability was discovered in the popular open source software, Apache Log4j 2. Developer-first security company, Snyk, warns of the potentially large impact on companies.

Read Post

Snyk

Read more about Snyk gives warning: update your Apache Log4j software immediately

Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

Dec 8, 2021 By Daniel Berman In Snyk

We’re happy to announce the open beta of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source code and libraries! Used across various industry verticals and prominent within the gaming, hardware/IoT, and communications industries, C/C++ continues to have a major impact on software development and the technology space as a whole.

Read Post

Snyk

Read more about Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

A Kubernetes Controller for Styra DAS

Nov 30, 2021 By Jan Willies - Contributor In Styra

We just open sourced our Kubernetes controller for the Styra Declarative Authorization Service (DAS). If you are interested in managing OPAs via Styra DAS via Kubernetes, read on.

Read Post

Styra

Read more about A Kubernetes Controller for Styra DAS

The Kubernetes' Open-Source Tools to Check out in 2022

Nov 25, 2021 By Jonathan Kaftzan In ARMO

In 2014, Kubernetes surfaced from work at Google and quickly became the de facto standard for container management and orchestration. Despite its silicon valley origins, it became one of the most impactful open-source projects in the history of computing. Today, the Cloud Native Computing Foundation (CNCF) maintains Kubernetes with many private companies and independent open-source developers.

Read Post

ARMO

Read more about The Kubernetes' Open-Source Tools to Check out in 2022

Securing your open source dependencies with the Snyk Visual Studio Code extension

Nov 23, 2021 By Daniel Berman In Snyk

We’re pleased to announce new functionality within the Snyk Vulnerability Scanner extension for Visual Studio Code, making it easier for developers to find and fix vulnerabilities and license issues in their open source dependencies! To help developers take more responsibility for the security of their applications, security tools must be able to integrate seamlessly into existing workflows and the tools developers are using on a day-to-day basis.

Read Post

Snyk

Read more about Securing your open source dependencies with the Snyk Visual Studio Code extension

How to prevent Trojan Source attacks with Snyk Code

Nov 17, 2021 By Frank Fischer In Snyk

Earlier this month, a group of researchers at the University of Cambridge published an academic paper, with an accompanying website, on a new type of potential vulnerability that could appear in source code. They called it Trojan Source.

Read Post

Snyk

Read more about How to prevent Trojan Source attacks with Snyk Code

The Benefits and Challenges of Reporting vs. Remediation with SBOMs

Nov 11, 2021 By Ori Bach In Mend

As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications.

Read Post