Fixing a vulnerability? Make sure your GitHub isn't showing too much

By Ax Sharma on April 04, 2022 github

5 minute read time

February's $326 million crypto hack at Wormhole and this month's findings by Sonatype shed light on the importance of secrets management for open source.

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops

6 minute read time

A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing.

The Key to Enterprises Remaining Competitive Is Safe Open Source

By Erik Dietrich on October 30, 2018 Enterprise DevOps

6 minute read time

Enterprises Need Open Source, And Everyone Needs Security. The Only Way Forward Lies in Responsible, Vetted Open Source Governance.

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 minute read time

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems.

What can we learn from 200 Billion JavaScript downloads

By Derek Weeks on February 08, 2018 Javascript

6 minute read time

JavaScript package downloads from the npm repository now top 200 billion annually. We dissect what that means for the open source community.