Sonatype DepShield Helps You to Identify Open Source Security Vulnerabilities

By Luca Ruggeri on August 22, 2018

Incorporating outside code into the mix can potentially introduce new security vulnerabilities. Sonatype has launched a free service called DepShield that can automatically identify vulnerable open-source components.

The offering is available as an embedded tool for GitHub, the industry’s go-to code hosting service and the home of most of the world’s open-source projects. DepShield draws on Sonatype’s OSS Index database of software security vulnerabilities to detect issues. The startup aggregates data from public threat intelligence sources such as the CVE system, which is funded by the U.S. Department of Homeland Security.

Sonatype DepShield features and benefits include:

Continuously monitors projects and auto-creates issues for security vulnerabilities
Available for Apache Maven today with JavaScript and Python coming soon
Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
Determine vulnerable version ranges on each given vulnerability
Available for free, serving both private and public GitHub repositories

When a developer incorporates a new open-source component into a project, DeepShield can automatically flag any issues that the project may contain. DepShield also displays what specific versions of an open-source project contain a given vulnerability to ease remediation.

For further information you can visit Sonatype’s website.

About Luca Ruggeri

OpenSource Products

AMPLIFIER CLASS D 2x15W
Based on the PAM8610 chip, this small Class D stereo...
- Posted 1 month ago
- 1
Demoboard for ESP32
Demoboard for the famous ESP32 Bluetooth and WiFi module (available...
- Posted 6 months ago
- 1
TOTEM: learning by experimenting
Let’s learn about an interesting educational platform that allows...
- Posted 9 months ago
- 0
Air Quality Sensor – PM2.5, PM10
This module uses the principle of optical LASER light scattering...
- Posted 9 months ago
- 1
Small solar cell (0,5 V / 800 mA)
Photovoltaic cell with very small dimensions, suitable for carrying out...
- Posted 11 months ago
- 1
The cheapest Arduino alternative: PRO MIDI 1284P
It is halfway between an Arduino Mini (in size)...
- Posted 11 months ago
- 3
Chip 1 IN – 4 OUT USB 2.0 High Speed
The FE1.1s chip is a high-performance, low-power integrated circuit that...
- Posted 11 months ago
- 0
Display Oled 1.3 inch
1.3″ Organic Light Emitting Diode (OLED) Display with good contrast,...
- Posted 12 months ago
- 0

Tutorials

PCB CAD, A SELECTION GUIDE
Getting to know and evaluate the software offer for PCB,...
- Posted 2 years ago
- 0
DIY Sensor – Innovation & Implementation
A sensor converts data such as heat, light, sound,...
- Posted 3 years ago
- 0
Getting Started with the ESP32
This article is a getting started guide for the ESP32...
- Posted 4 years ago
- 0

Mods and Hacks

The flame that doesn’t burn
Based on Neopixel and a special ultra-thin Arduino, it simulates...
- Posted 1 year ago
- 1
Here are the Winners from the 3Drag 3d printing contest
Here we are, eventually the contest has come to an...
- Posted 9 years ago
- 0
Updates from the 3Drag 3dprinting contest: Roland Hoffert’s Hacks
Roland Hoffert, from www.eytec.de, submitted us this 3Drag (Velleman K8200...
- Posted 9 years ago
- 0
Updates from the 3Drag 3dprinting contest: Karl Seiss’s Hack
Karl Seiss from Austria made a very clever hack to...
- Posted 9 years ago
- 0

Opinions

PCB Recycling: The Core of Your Electronics Is More Valuable Than You Think
The screen you are looking at this very moment will...
- Posted 1 year ago
- 4
PCB CAD, A SELECTION GUIDE
Getting to know and evaluate the software offer for PCB,...
- Posted 2 years ago
- 0
The Open Source community united against Covid-19
On March 11, WHO (World Health Organization) officially declared the...
- Posted 3 years ago
- 0
Coronavirus: Now Is The Time For Solidarity
The moment we are living, in China before and all...
- Posted 3 years ago
- 0

Popular
Latest
Comments

Arduino ISP (In System Programming) and stand-alone circuits
We use an Arduino to program other ATmega without...
- Posted 11 years ago
- 225
Arduino GSM shield
This is a very low...
- Posted 12 years ago
- 218
Localizer with SIM908 module
The device is based on a GSM/GPRS module with...
- Posted 11 years ago
- 187
GSM GPS shield for Arduino
Shield for Arduino designed and based on the module...
- Posted 11 years ago
- 181
Small Breakout for SIM900 GSM Module
Some post ago we presented a PCB to mount...
- Posted 12 years ago
- 115

AMPLIFIER CLASS D 2x15W
Based on the PAM8610 chip, this small Class D...
- Posted 1 month ago
- 1
Learn How to Design and Control a Robotic Arm with Arduino and Fusion 360
Building a robot can be a challenging task, even...
- Posted 1 month ago
- 1
Robot Solves Rubik’s Cube Faster Than You Can Blink
In the world of speedcubing, solving Rubik’s cubes in...
- Posted 2 months ago
- 0
Cookiecad, the easiest way to create custom cookie cutters to print in 3D
Cookiecad is a tool that allows you to create...
- Posted 2 months ago
- 1
Terminus FE1.1 USB hub board: the solution to connect four USB devices
Based on a single chip from Terminus, it...
- Posted 3 months ago
- 1