
Although open-source speeds up development, there are risks associated with licensing. This blog examines the ways in which Software Bills of Materials, or SBOMs, facilitate audits, enforce license compliance, and identify infractions early. Discover how to use tools like Vet to incorporate license checks into your DevSecOps pipeline.
A malicious npm package impersonating the popular Express cookie parser package was discovered by the SafeDep Cloud malicious package scanning service.
A malicious npm package impersonating the popular Java logging framework SLF4J was discovered by the SafeDep Cloud malicious package scanning service.
Malware hidden in open source library packages is real. In this article, we analyse the malicious npm package llm-oracle.
This is a talk given at Accel Cyber Security Summit 2024 about securing the open source software supply chain using SafeDep vet. This talk highlights a case study of using policy as code for setting up guardrails