Open Source security comes to GitHub
Posted on Thursday, August 16, 2018 by RICHARD HARRIS, Executive Editor

Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.

“The need for more secure coding practices has never been greater,” said Wayne Jackson, CEO of Sonatype.  “Developers live, eat, and breathe in GitHub. While developers find value in GitHub’s native dependency graph, they need and are demanding, more self-help security.  With DepShield, we’re enabling 28 million developers to add an initial layer of defense, to not only help protect their software projects but the millions of enterprises, organizations, and individuals who will use their code down the road.”

Sonatype DepShield features include:

  • Continuously monitors projects and auto-creates issues for security vulnerabilities
     
  • Available for Apache Maven today with JavaScript and Python coming soon
     
  • Ability to view a list of known security vulnerabilities within GitHub’s Issue Tracker and click on an issue to view vulnerability details including CVE and CVSS
     
  • Determine vulnerable version ranges on each given vulnerability
     
  • Available for free, serving both private and public GitHub repositories


Sonatype’s 2018 DevSecOps Community survey revealed just how important open source governance is, with 1 in 3 organizations noting they suspected or verified breaches due to OSS vulnerabilities - a 55 percent increase since 2017. The need to empower developers is further underscored by the IDC FutureScape: Worldwide Developers & DevOps 2018 Predictions in which analysts note that “development without integrated security compliance will fail. Security-led development will be a priority for 90% of orgs by 2020.” In the wake of the Equifax breach, as more companies prioritize enterprise-wide open source governance, empowering developers with real-time component intelligence is imperative.

More App Developer News

Tether QVAC SDK Powers AI Across Devices and Platforms



APAC 5G expansion to fuel 347B mobile market by 2030



How AI is causing app litter everywhere



The App Economy Is Thriving



NIKKE 3.5 anniversary update livestream coming soon



New AI tool targets early dementia detection



Jentic launch gives AI agents api access



Experts warn ai-generated health content risks misinterpretation without human oversight



Ludo.ai Unveils API and MCP Beta to Power AI Game Asset Pipelines



AccuWeather Launches ChatGPT Integration for Live Weather Updates



Stop Using Business Jargon: 5 Ways Buzzwords Damage Job Performance



IT spending rises as banks balance legacy and innovation



Tech hiring slumps as Software Developer job postings fall



AI is becoming more widespread in collaboration tools



FCC prohibits new foreign router models citing critical infrastructure risks



ChatGPT Carbon Footprint Matches 1.3 Million Cars Report Finds



Lens Launches MCP Server to Connect AI Coding Assistants with Kubernetes



Accelerating corporate ai investment returns



Enviromates tech startup launches global participation platform



Private Repository Secures the AI-driven Development Boom



UK Fintech Platform Enviromates Connects Projects Brands and Consumers



Env Zero and CloudQuery Announce Merger



How Industrial AI Is Transforming Operations in 2026



AI generated work from managers is damaging trust among employees



Foresight Secures $25M to Bridge Infrastructure Execution Gap



Copyright © 2026 by Moonbeam

Address:
1855 S Ingram Mill Rd
STE# 201
Springfield, Mo 65804

Phone: 1-844-277-3386

Fax:417-429-2935

E-Mail: contact@appdevelopermagazine.com