Find and fix vulnerabilities in seconds using GitHub PR reviews with line comments

By Kevin Miller on July 07, 2020 github

2 minute read time

Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

NIST: Adopt a Secure Software Development Framework (SSDF) to mitigate risk of software vulnerabilities

2 minute read time

NIST recommends an SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.

Building Microservice Architecture on Kubernetes

By Derek Weeks on August 22, 2019 open source governance

2 minute read time

Namespace-level isolation is helpful for managing Kubernetes architecture. Also, do not put all things in the default namespace. Keep it simple.

NIST Proposes Standards to Secure Government SDLC

3 minute read time

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source governance

2 minute read time

During the interview, Richard Spires, former CIO at the Internal Revenue Service and now CEO of Learning Tree International, said one of the biggest takeaways.

Doctor, Doctor, Can't You See?  Congress Calls for Cybersecurity.

By Derek Weeks on November 17, 2017 software bill of materials

3 minute read time

Congressman Walden sent a letter to the U.S. Department of Health and Human Services (HHS) requesting a software bill of materials (SBOM).

Internet of Things Cybersecurity Improvement Act of 2017

By Derek Weeks on August 01, 2017 open source governance

4 minute read time


The Trump White House Takes Aim at Cybersecurity

5 minute read time

The Trump White House Takes Aim at Cybersecurity. Introduces Executive Order: STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE.

The Open Source Software Index is BOSS!  Here's Why.

By Matt Howard on April 09, 2017 open source governance

5 minute read time

Dharmesh Thakker from Battery Ventures unveiled the Battery Open-Source Software Index. Beyond its clever name, the index is BOSS for four reasons.