InfoQ

Google Releases Open-Source Vulnerability Scanning Tool

Google has released OSV-Scanner, an open-source front-end interface to the Open Source Vulnerability (OSV) database. The OSV database is a distributed, open-source database that stores vulnerability ...
Bleeping Computer

New open-source tool scans public AWS S3 buckets for secrets

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. Amazon S3 ...
Computerworld

OpenLogic pushes open-source scan service for M&As

OpenLogic, which provides support and auditing services for open-source software, announced a new offering on Monday aimed at customers in the process of buying other companies. The M&A Open Source ...
Dark Reading

Code-Scanning Tool's License at Heart of Security Breakup

A group of nine application security service providers announced they would "fork" the popular code-scanning project Semgrep, creating a new codebase, after a series of moves by the eponymous startup ...
CSOonline

Malicious open-source software packages have exploded in 2024

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...
CSOonline

SBOM buyer’s guide: 8 top software bill of materials tools to consider

To really secure software, you need to know what’s inside its code. That’s why a software bill of materials (SBOM) is essential today. It used to be that we didn’t worry that much about our code’s ...