Smartfix
Are you using struggling to fix vulnerabilities in transitive dependencies? WhiteSource can integrate with your repository and provide automatic pull requests with fix recommendations for transitive dependencies.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution
Over the past week, the WhiteSource security team has found several instances of packages that use unusual techniques to disguise malicious intent. These techniques differ from what we have usually seen in the past, such as base64 and JS obfuscation. This time, we are seeing a malicious actor use hex encoding to hide the malicious behavior of the package.
Microsoft: Faster, Secure Open Source Code with WhiteSource
WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters.
Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices
WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. WhiteSourceSoftware.com
Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation
With more than 38 percent of our customers impacted by the recently discovered Spring4 Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all their vulnerable libraries, I have been involved in many conversations over this incident.
Automated Software Supply Chain Attacks: Should You be Worried?
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.
Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965
Overview The internet is abuzz with the disclosure of CVE-2022-22965, an RCE vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Known as “Spring4Shell” or “SpringShell”, the zero-day vulnerability has triggered widespread concern about the possibility of a wave of malicious attacks targeting vulnerable applications. Is this Log4j 2.0?
How To Set A Benchmark Of False Positives With SAST Tools
Many Static Application Security Testing (SAST) tools struggle with false positives. They often report that a vulnerability is present, while, in reality, it does not exist. This inaccuracy weighs down the engineering team, as they spend productive hours triaging the false alarms. By setting a benchmark of false positives — a limit, above which is unacceptable — you can establish a point of reference or standard against which to measure the efficacy of your SAST tool.
WhiteSource SCA Administration - User Interface Walkthrough
WhiteSource provides a simple yet powerful solution for companies to manage open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. The following video is a brief overview the of user interface and some of the feature functionality within.
Best SAST Tools: Top 7 Solutions Compared
Static application security testing (SAST) tools automatically scan the source code of an application. The goal is to identify vulnerabilities before deployment. SAST tools perform white-box testing, which involves analyzing the code based on inside knowledge of the application. SAST offers granularity in detecting vulnerabilities, providing an assessment down to the line of code.