Open Source security comes to GitHub
|Richard Harris in Open Source Thursday, August 16, 2018|
Open Source security platform software, Sonatype DepShield, provides security governance that the DevSecOps community says it requires.
Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.
“The need for more secure coding practices has never been greater,” said Wayne Jackson, CEO of Sonatype. “Developers live, eat, and breathe in GitHub. While developers find value in GitHub’s native dependency graph, they need and are demanding, more self-help security. With DepShield, we’re enabling 28 million developers to add an initial layer of defense, to not only help protect their software projects but the millions of enterprises, organizations, and individuals who will use their code down the road.”
Sonatype DepShield features include:
- Continuously monitors projects and auto-creates issues for security vulnerabilities
- Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
- Determine vulnerable version ranges on each given vulnerability
- Available for free, serving both private and public GitHub repositories
Sonatype’s 2018 DevSecOps Community survey revealed just how important open source governance is, with 1 in 3 organizations noting they suspected or verified breaches due to OSS vulnerabilities - a 55 percent increase since 2017. The need to empower developers is further underscored by the IDC FutureScape: Worldwide Developers & DevOps 2018 Predictions in which analysts note that “development without integrated security compliance will fail. Security-led development will be a priority for 90% of orgs by 2020.” In the wake of the Equifax breach, as more companies prioritize enterprise-wide open source governance, empowering developers with real-time component intelligence is imperative.
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.