- “Maker Faire Rome – The European edition” returns to the Gazometro OstiensePosted 4 weeks ago
- Single-chip saturation meterPosted 2 months ago
- Raspberry Pi Relay BoardPosted 3 months ago
- PCB CAD, A SELECTION GUIDEPosted 4 months ago
- Automatic dispenser for catsPosted 4 months ago
- Do you have a mask? RASPBERRY Pi SEES ITPosted 4 months ago
- RFID based Attendance system using Arduino and External EEPROMPosted 4 months ago
- ESP32 Neopixel Status Indicator and Sensor PCB Shield with Wi-Fi ManagerPosted 5 months ago
- Remote control power functions usbPosted 5 months ago
- ESP32-CAM with Telegram: Take Photos Control Outputs Sensor Readings and Motion NotificationsPosted 5 months ago
Sonatype DepShield Helps You to Identify Open Source Security Vulnerabilities
Incorporating outside code into the mix can potentially introduce new security vulnerabilities. Sonatype has launched a free service called DepShield that can automatically identify vulnerable open-source components.
The offering is available as an embedded tool for GitHub, the industry’s go-to code hosting service and the home of most of the world’s open-source projects. DepShield draws on Sonatype’s OSS Index database of software security vulnerabilities to detect issues. The startup aggregates data from public threat intelligence sources such as the CVE system, which is funded by the U.S. Department of Homeland Security.
Sonatype DepShield features and benefits include:
- Continuously monitors projects and auto-creates issues for security vulnerabilities
- Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
- Determine vulnerable version ranges on each given vulnerability
- Available for free, serving both private and public GitHub repositories
When a developer incorporates a new open-source component into a project, DeepShield can automatically flag any issues that the project may contain. DepShield also displays what specific versions of an open-source project contain a given vulnerability to ease remediation.
For further information you can visit Sonatype’s website.