Today more than 90% of software is built on open source packages. These packages may have unknown risks, such as security vulnerabilities, poorly maintained codebases and undesirable licenses. In the .NET ecosystem, these open source packages are usually managed via the NuGet package manager, although others, such as Paket, exist as well. What’s important to…
Continue ReadingSCA
Industry News
SOOS Community Edition is Totally Free!
SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
Continue Reading
SOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and an even better 2023!
Continue Reading
Hidden Backdoors Leading to JavaScript Vulnerabilities
In 1845, Edgar Allan Poe wrote “The Purloined Letter”, a tale of a blackmailer who confounded police by hiding a letter in plain sight. Nearly two centuries later, a real-life generation of predators may use a similar technique to exploit JavaScript vulnerabilities. Understanding the method begins with a look at how text read by billions…
Continue ReadingWhat Is CI/CD? The CI/CD Definition
Development teams require a pipeline for delivering frequent and reliable changes to applications. The continuous integration and continuous delivery pipeline, or CI/CD tools, provides developers with the necessary implementation methods. Continuous integration is a coding and management philosophy designed to permit the use of various tools and platforms while controlling repositories against changes. Primarily, CI…
Continue Reading
Should I Buy a Software Composition Analysis Tool?
The integration of open-source software into websites and applications allows for rapid deployment of new functionality and delivering on high-impact projects. While the benefits of using open-source software outweigh the risks, developers and companies cannot deny that risks exist, which is the reason for SCA tools. With OSS, the author is often unknown. As well,…
Continue Reading
OWASP Testing Guide
Insecure software is one of the biggest challenges in today’s business world. The rise of social networking sites and web applications has made it all the more important for business owners to secure their software, applications, and data. The Open Web Application Security Project plays an essential role in helping businesses secure their networks. The…
Continue Reading
NodeBB Open Source Software Vulnerabilities
As a software service, NodeBB supports either a PostgreSQL, Redis, or MongoDB database that facilitates web sockets for real-time notifications and interactions between users. The software allows for real-time discussions and mobile interactions while also providing an original forum format for users. NodeBB contains certain functionalities, while additional integrations can be accomplished through external plugins…
Continue Reading
How To Scan Docker Images for Vulnerabilities
For any software development project, it is essential that the components of the software are not susceptible to any vulnerabilities. The case is no different when working in Docker, where images should be checked for vulnerabilities before being uploaded to Docker Hub or another registry. To take advantage of Docker’s benefits, learn about its containerized…
Continue Reading
Coding Vulnerabilities and Preventions
Software vulnerabilities have existed since the advent of the internet. Errors, defects, bugs, and oversight give cybercriminals the advantage they need to steal data, hijack servers, or manipulate your systems. The more complex the technology, the more sophisticated the hackers’ techniques. The only way to thwart bad actors and secure your enterprise is to ensure…
Continue Reading