Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

If you've been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...

Gartner: You Must Assess Overall Software Health and Welfare

Gartner’s recent report, Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to have ...

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final ...