Software Composition Analysis | 5 Must-Have DevSecOps Tools | Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.
Open Source in the News | Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker' | The developer behind the popular npm libraries "colors" and "faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Developer Perspectives | Dependency Management in Visual Studio: NuGet and Beyond | Learn how to manage NuGet package dependencies for your .NET projects using Visual Studio.
Open Source License Compliance | Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance | Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
Open Source in the News | Does TikTok Live Studio Violate GPL v2? | TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.
Open Source Vulnerability Management | How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell) | See how your organization can quickly identify and remediate Log4j vulnerabilities in your code.
Open Source Vulnerability Management | How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105 | See the impact of the new Log4j denial of service (DoS) vulnerability, and get guidance on how to fix it.
Inside FOSSA | FOSSA Partners with OpenChain to Promote Open Source Management | FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.
Open Source Vulnerability Management | Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes | A critical vulnerability has been discovered in Apache Log4j, the popular Java open source logging library. Here's what happened and how to fix it.
Inside FOSSA | Introducing FOSSA's New License Scanner | Here's what you can expect with FOSSA's new and improved OSS license scanner.
Developer Perspectives | Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More | Get an overview of the artifacts involved in .NET dependency management, how they interact, and how to use them.
Inside FOSSA | FOSSA Product Updates: Announcing Our New and Improved CLI | Our upgraded CLI will make FOSSA integrations easier to deploy by reducing the amount of configuration needed by users.
Open Source Vulnerability Management | DevSecOps 101: Understanding and Implementing DevSecOps Principles | See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.
Open Source in the News | Embedded Malware in npm: coa, rc, ua-parser-js | Several widely used npm packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.
Open Source License Compliance | Open Source Software Licenses 101: The Eclipse Public License | Get an overview of the Eclipse Public License, including key requirements and how it compares to other weak copyleft open source licenses.
Developer Perspectives | Best Practices for Testing in Go | Get step-by-step guidance on writing effective tests in Go, including choosing what to test and how to make it work in your application.
Software Composition Analysis | 4 Key Elements of Technical Due Diligence | Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.
Software Composition Analysis | Q and A: Software Bill of Materials and FOSSA | Get answers to frequently asked questions about using FOSSA to generate a software bill of materials.
Open Source Vulnerability Management | Anatomy of a Software Supply Chain Attack | Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.
Software Composition Analysis | How to Generate an SBOM with FOSSA | See how your organization can use FOSSA to generate a comprehensive software bill of materials in a few easy steps.
Open Source in the News | bouk/monkey and the Importance of Knowing Your Dependencies | A recent news item involving the bouk/monkey open source library shows why it's so important for organizations to have visibility into their dependencies.
Inside FOSSA | Role-Based Access Control (RBAC), Zero Trust, and FOSSA | Get an overview of FOSSA's role-based access control (RBAC), and see how it can help improve your organization's security posture.
Software Composition Analysis | 3 Best Practices for OSS Management in the Automotive Industry | Experts share tips and strategies to help automotive organizations improve their open source management programs.
Inside FOSSA | FOSSA Product Updates: August 2021 | FOSSA has launched several new features, including container scanning, analysis target configuration, expanded language support, and more.
Inside FOSSA | FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave | FOSSA was the only vendor to earn the highest possible score in both the SBOM and License Risk Management criteria.