Open Source Security

Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024
See why Mend.io is recognized as a Strong Performer in The Forrester Wave™ Software Composition Analysis (SCA) Q4 2024 report ...
Mend.io & HeroDevs Partnership: Eliminate Risks in Deprecated Package
Announcing an exclusive partnership between Mend.io and HeroDevs to provide support for deprecated packages ...
Strengthening Open-Source Security: Effective and Best Practices
Open-source security requires a multi-faceted approach due to the transparency of open-source software exposing potential vulnerabilities. Malicious actors can target the supply chain to introduce compromised components into open-source projects. Misunderstanding or ...

Software supply chain risk assessment: 8 steps to a secure SDLC
Like any chain, a software supply chain contains many links. These links consist of every actor involved in the development & deployment of your code in ...

A Developer’s Tutorial to Using NPM Audit for Dependency Scanning
Many developers overlook the risks lurking in third-party packages. Every package you add could harbor vulnerabilities, potentially exposing sensitive user data and granting unauthorized access to ...

A Guide to Open Source Software
Learn more about how organizations can use open source software to innovate while minimizing risk ...
NVD Update: Help Has Arrived
There's hope yet for the world's most beleaguered vulnerability database ...

Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration
We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration ...
Open Source Security: How Strobes Integrates Security into Your Dev Workflow
Cloud-native development thrives on open-source software (OSS). It offers readily available, pre-built components that accelerate development lifecycles. However, this very advantage presents a significant challenge for DevSecOps: OSS security vulnerabilities ...