- Building a 3D Digital Clock with ArduinoPosted 2 months ago
- Creating a controller for Minecraft with realistic body movements using ArduinoPosted 2 months ago
- Snowflake with ArduinoPosted 3 months ago
- Holographic Christmas TreePosted 3 months ago
- Segstick: Build Your Own Self-Balancing Vehicle in Just 2 Days with ArduinoPosted 3 months ago
- ZSWatch: An Open-Source Smartwatch Project Based on the Zephyr Operating SystemPosted 4 months ago
- What is IoT and which devices to usePosted 4 months ago
- Maker Faire Rome Unveils Thrilling “Padel Smash Future” Pavilion for Sports EnthusiastsPosted 5 months ago
- Make your curtains smartPosted 5 months ago
- Configuring an ESP8266 for Battery PowerPosted 5 months ago
Sonatype DepShield Helps You to Identify Open Source Security Vulnerabilities
Incorporating outside code into the mix can potentially introduce new security vulnerabilities. Sonatype has launched a free service called DepShield that can automatically identify vulnerable open-source components.
The offering is available as an embedded tool for GitHub, the industry’s go-to code hosting service and the home of most of the world’s open-source projects. DepShield draws on Sonatype’s OSS Index database of software security vulnerabilities to detect issues. The startup aggregates data from public threat intelligence sources such as the CVE system, which is funded by the U.S. Department of Homeland Security.
Sonatype DepShield features and benefits include:
- Continuously monitors projects and auto-creates issues for security vulnerabilities
- Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
- Determine vulnerable version ranges on each given vulnerability
- Available for free, serving both private and public GitHub repositories
When a developer incorporates a new open-source component into a project, DeepShield can automatically flag any issues that the project may contain. DepShield also displays what specific versions of an open-source project contain a given vulnerability to ease remediation.
For further information you can visit Sonatype’s website.