Sonatype DepShield Helps You to Identify Open Source Security Vulnerabilities
Incorporating outside code into a project can introduce new security vulnerabilities. Sonatype has launched a free service called DepShield that can automatically identify vulnerable open-source components.
The offering is available as an embedded tool for GitHub, the industry’s go-to code hosting service and the home of most of the world’s open-source projects. DepShield draws on Sonatype’s OSS Index database of software security vulnerabilities to detect issues. The startup aggregates data from public threat intelligence sources such as the CVE system, which is funded by the U.S. Department of Homeland Security.
Sonatype DepShield features and benefits include:
- Continuously monitors projects and auto-creates issues for security vulnerabilities
- Available for Apache Maven today with JavaScript and Python coming soon
- Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
- Determine vulnerable version ranges for each given vulnerability
- Available for free, serving both private and public GitHub repositories
When a developer incorporates a new open-source component into a project, DepShield can automatically flag any issues that the project may contain. DepShield also displays which specific versions of an open-source project contain a given vulnerability to ease remediation.
For further information you can visit Sonatype’s website.