Sonatype wants to make it easier for developers to practice open-source governance with the release of DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source dependencies.

According to the company, DepShield continuously monitors projects and automatically creates issues when security vulnerabilities are detected in their dependencies. It lets developers view the list of known vulnerabilities within GitHub’s Issue Tracker and expand each issue to see details such as the CVE identifier and CVSS score. It also shows the vulnerable version range for each vulnerability, so developers can tell whether the version they depend on is affected and which versions are not.

“The need for more secure coding practices has never been greater,” said Wayne Jackson, CEO of Sonatype. “Developers live, eat, and breathe in GitHub. While developers find value in GitHub’s native dependency graph, they need, and are demanding, more self-help security. With DepShield, we’re enabling 28 million developers to add an initial layer of defense, to not only help protect their software projects, but the millions of enterprises, organizations and individuals who will use their code down the road.”

DepShield is available now for Apache Maven projects, with JavaScript and Python support coming soon, Sonatype explained.

“As a part of DevSecOps initiatives, organizations are automating application security within their DevOps pipeline. With DepShield, we are enabling organizations to shift their security practices as far left as possible — empowering developers to introduce open source hygiene within their GitHub repositories,” Michelle Dufty, senior director of product marketing for Sonatype, wrote in a post.
