ZDNet

GitHub: Our dependency scan has found four million security flaws in public repos

GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total ...
ZDNet

GitHub security alerts now support PHP projects

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...
Infosecurity-magazine.com

Dependency Confusion Vulnerability Found in Apache Project

A dependency confusion vulnerability has been found within an archived Apache project. According to new data by Legit Security, who made the discovery, the finding underscores the importance of ...
Dark Reading

Malicious NPM Packages Disguised With 'Invisible' Dependencies

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...
CRN

Coverity's Prevent To Bring Self-Build Capability To Open Source project scans

"Right now, we're the bottleneck," admits Coverity open source strategist David Maxwell. "Unfortunately there's only so much time in the day to include all the projects." As open source development ...
Dark Reading

On Shaky Ground: Why Dependencies Will Be Your Downfall

Software dependencies, or a piece of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you're not aware of ...