
License Compliance with SBOM
Although open-source speeds up development, there are risks associated with licensing. This blog examines the ways in which Software Bills of Materials, or SBOMs, facilitate audits, enforce license...

Modern software rarely ships as a single, hand-crafted binary. Instead, it is assembled from hundreds, sometimes thousands, of third-party components that evolve on their own schedule. Knowing exactly...

Introducing Container Image Scanning, a new feature in vet to identify vulnerabilities and malicious packages in container images.

Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during...
