- Terminus FE1.1 USB hub board: the solution to connect four USB devicesPosted 3 months ago
- Understanding the Mechanics of 3D PrintingPosted 4 months ago
- SDS011 the Air Quality SensorPosted 5 months ago
- NIXIE STYLE LED DISPLAYPosted 8 months ago
- TOTEM: learning by experimentingPosted 9 months ago
- Google Assistant Voice Controlled Switch – NodeMCU IOT ProjePosted 9 months ago
- Water Softener Salt Level MonitorPosted 9 months ago
- Sparkly Air SensorPosted 9 months ago
- Ultra sonic distance finder with live statusPosted 9 months ago
- Windows interface to have total control over lampsPosted 9 months ago
Sonatype DepShield Helps You to Identify Open Source Security Vulnerabilities
Incorporating outside code into the mix can potentially introduce new security vulnerabilities. Sonatype has launched a free service called DepShield that can automatically identify vulnerable open-source components.
The offering is available as an embedded tool for GitHub, the industry’s go-to code hosting service and the home of most of the world’s open-source projects. DepShield draws on Sonatype’s OSS Index database of software security vulnerabilities to detect issues. The startup aggregates data from public threat intelligence sources such as the CVE system, which is funded by the U.S. Department of Homeland Security.
Sonatype DepShield features and benefits include:
- Continuously monitors projects and auto-creates issues for security vulnerabilities
- Available for Apache Maven today with JavaScript and Python coming soon
- Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
- Determine vulnerable version ranges on each given vulnerability
- Available for free, serving both private and public GitHub repositories
When a developer incorporates a new open-source component into a project, DeepShield can automatically flag any issues that the project may contain. DepShield also displays what specific versions of an open-source project contain a given vulnerability to ease remediation.
For further information you can visit Sonatype’s website.