Governance in Software Composition Analysis Governance in SCA solutions is an often overlooked yet extremely powerful feature set that can significantly improve a company’s supply chain security, and legal compliance. Governance or Governance Policies consist of the ability to create rules which restrict open source packages based on certain criteria. The result of running these…
Continue ReadingSCA
Industry News
Fidelity says data breach exposed personal data of 77,000 customers
Internet Archive hacked, data breach impacts 31 million users
Water supplier American Water Works says systems hacked
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures
SOOS Community Edition is Totally Free!
SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
Continue ReadingSOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and an even better 2023!
Continue ReadingHidden Backdoors Leading to JavaScript Vulnerabilities
In 1845, Edgar Allan Poe wrote “The Purloined Letter”, a tale of a blackmailer who confounded police by hiding a letter in plain sight. Nearly two centuries later, a real-life generation of predators may use a similar technique to exploit JavaScript vulnerabilities. Understanding the method begins with a look at how text read by billions…
Continue ReadingWhat Is CI/CD? The CI/CD Definition
Development teams require a pipeline for delivering frequent and reliable changes to applications. The continuous integration and continuous delivery pipeline, or CI/CD tools, provides developers with the necessary implementation methods. Continuous integration is a coding and management philosophy designed to permit the use of various tools and platforms while controlling repositories against changes. Primarily, CI…
Continue ReadingShould I Buy a Software Composition Analysis Tool?
The integration of open-source software into websites and applications allows for rapid deployment of new functionality and delivering on high-impact projects. While the benefits of using open-source software outweigh the risks, developers and companies cannot deny that risks exist, which is the reason for SCA tools. With OSS, the author is often unknown. As well,…
Continue ReadingOWASP Testing Guide
Insecure software is one of the biggest challenges in today’s business world. The rise of social networking sites and web applications has made it all the more important for business owners to secure their software, applications, and data. The Open Web Application Security Project plays an essential role in helping businesses secure their networks. The…
Continue ReadingNodeBB Open Source Software Vulnerabilities
As a software service, NodeBB supports either a PostgreSQL, Redis, or MongoDB database that facilitates web sockets for real-time notifications and interactions between users. The software allows for real-time discussions and mobile interactions while also providing an original forum format for users. NodeBB contains certain functionalities, while additional integrations can be accomplished through external plugins…
Continue ReadingHow To Scan Docker Images for Vulnerabilities
For any software development project, it is essential that the components of the software are not susceptible to any vulnerabilities. The case is no different when working in Docker, where images should be checked for vulnerabilities before being uploaded to Docker Hub or another registry. To take advantage of Docker’s benefits, learn about its containerized…
Continue ReadingCoding Vulnerabilities and Preventions
Software vulnerabilities have existed since the advent of the internet. Errors, defects, bugs, and oversight give cybercriminals the advantage they need to steal data, hijack servers, or manipulate your systems. The more complex the technology, the more sophisticated the hackers’ techniques. The only way to thwart bad actors and secure your enterprise is to ensure…
Continue Reading