Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: open source security

desert plants

Lineaje Adds Module to Manage Open Source Software Security Lifecycle

| | Lineaje, open source, open source manager, open source security, OSM, SBoM
This can help DevSecOps teams identify open source software projects that are not being well maintained ...
rubber ducks.

Does More Money Improve Open Source Security?

| | investment, open source, open source security, research, roi
It sounds simple: If you pay developers more money they'll improve the quality and security of their code. The evidence isn't so clear ...
Styra open source Web GitHub DevSecOps security Dynatrace Sophos Web Isolation and Secure Web Gateways with Menlo Security

How Devs Can Improve Open Source Security in the Enterprise

| | devsecops, open source, open source security, secure code
Modern applications are dynamic. They’re distributed and they’re often born in the cloud. These applications can be developed on the fly, spun up and scaled quickly to meet evolving user and market ...
DevEx, developer, experience, Backstage, developer, GitHub productivity Roadie DevX developer experience DPE open source team lead Agile hybrid developer GitLab DevRel developer GitHub BDD CircleCI Rust developer

Securing Open Source Components in a World of Mixed Committer Motivations

| | java, open source, open source security, Software Supply Chain, sonatype
Our world runs on software that contains open source components. This places an increased burden on developers, as the primary consumers and deployers of those components, to use code that is fully ...
privacy risk Sigstore GraphQL security Checkmarx Sonatype WhiteSource the secure software development

Sigstore Code Signing Service Becomes Generally Available

| | code signing, open source security, OpenSSF, Sigstore
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the ...
JFrog Pulumi Log4j infrastructure security

Log4j: Is There Such a Thing as ‘Too Much’ Open Source?

| | Apache Log4j, Log4J vulnerability, open source projects, open source security
The Log4j vulnerability got me thinking: Is there such a thing as too much open source? Before anyone immediately fires off a flaming email, rage tweet or scathing blog post, hear me ...
vulnerabilities

Snyk Tool Prioritizes Open Source Vulnerabilities

| | devsecops, open source, open source security, vulnerabilities
Snyk today announced it has enhanced the ability of its namesake vulnerability scanning tool by adding the ability to identify which open source vulnerabilities should be fixed first using a scoring tool ...
Sonatype OpenZiti open source software Commvault

Open Source Vulnerabilities Were Up 50% in 2019 — How Will It Impact Software Development in 2020?

| | National Vulnerability Database, open source, open source security, open source vulnerabilities, software development, State of Open Source Security Vulnerabilities Report
Open source vulnerabilities have been on the rise in recent years, but 2019 was truly one for the record books with a spike of nearly 50% over the previous year. According to ...