SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
Continue ReadingSCA
Industry News
SOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and an even better 2023!
Continue ReadingHidden Backdoors Leading to JavaScript Vulnerabilities
In 1845, Edgar Allan Poe wrote “The Purloined Letter”, a tale of a blackmailer who confounded police by hiding a letter in plain sight. Nearly two centuries later, a real-life generation of predators may use a similar technique to exploit JavaScript vulnerabilities. Understanding the method begins with a look at how text read by billions…
Continue ReadingWhat Is CI/CD? The CI/CD Definition
Development teams require a pipeline for delivering frequent and reliable changes to applications. The continuous integration and continuous delivery pipeline, or CI/CD tools, provides developers with the necessary implementation methods. Continuous integration is a coding and management philosophy designed to permit the use of various tools and platforms while controlling repositories against changes. Primarily, CI…
Continue ReadingShould I Buy a Software Composition Analysis Tool?
The integration of open-source software into websites and applications allows for rapid deployment of new functionality and delivering on high-impact projects. While the benefits of using open-source software outweigh the risks, developers and companies cannot deny that risks exist, which is the reason for SCA tools. With OSS, the author is often unknown. As well,…
Continue ReadingOWASP Testing Guide
Insecure software is one of the biggest challenges in today’s business world. The rise of social networking sites and web applications has made it all the more important for business owners to secure their software, applications, and data. The Open Web Application Security Project plays an essential role in helping businesses secure their networks. The…
Continue ReadingNodeBB Open Source Software Vulnerabilities
As a software service, NodeBB supports either a PostgreSQL, Redis, or MongoDB database that facilitates web sockets for real-time notifications and interactions between users. The software allows for real-time discussions and mobile interactions while also providing an original forum format for users. NodeBB contains certain functionalities, while additional integrations can be accomplished through external plugins…
Continue ReadingHow To Scan Docker Images for Vulnerabilities
For any software development project, it is essential that the components of the software are not susceptible to any vulnerabilities. The case is no different when working in Docker, where images should be checked for vulnerabilities before being uploaded to Docker Hub or another registry. To take advantage of Docker’s benefits, learn about its containerized…
Continue ReadingCoding Vulnerabilities and Preventions
Software vulnerabilities have existed since the advent of the internet. Errors, defects, bugs, and oversight give cybercriminals the advantage they need to steal data, hijack servers, or manipulate your systems. The more complex the technology, the more sophisticated the hackers’ techniques. The only way to thwart bad actors and secure your enterprise is to ensure…
Continue ReadingOpen Source License Compliance
The great thing about using open-source software is not having to reinvent the wheel when creating your own applications. The reason that we can use so much third-party open source code is that there are licenses that allow us to do so–but, as with all things legal, there can be many tricky conditions and clauses…
Continue Reading