open-source-security
Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.
341 articles
Snyk vs Sonatype: A Head-to-Head SCA Comparison
We break down the real differences between Snyk and Sonatype for software composition analysis, covering vulnerability detection, developer experience, and pricing.
OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.
Mend.io (WhiteSource): The Renamed SCA Veteran
A review of Mend.io, formerly WhiteSource, covering its SCA capabilities, Renovate integration, automated remediation, and position in the crowded dependency scanning market.
OpenSSF Alpha-Omega Project: Securing Open Source at Scale
The Alpha-Omega Project, backed by $5M from Google and Microsoft, aims to improve security of the most critical open source projects. Here's what it means for the ecosystem.
Software Composition Analysis: The 2021 Buyer's Guide
SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.