Why DevSecOps? Key Takeaways: DevSecOps is an extension of DevOps that integrates security into the entire software development process. Software supply chain attacks have been increasing every year, making it …
An Introduction to Software Composition Analysis. Key Takeaways: Open source components introduce risk to an application. This risk comes from programming oversights, malicious code, and from other packages that an …
Component Licenses FAQ. Key Takeaways: Almost all open-source software is distributed with a license that governs how you’re allowed to use it. Open Source Software is distributed with a variety …
Definitive Guide Series. Open-Source Component Best Practices: If you use open-source components in your apps, that means you have risk. Even the most cautious consumers are vulnerable to attacks. We …
Two Stages of Your Relationship with Components. Pre- and Post-Consumption: Before we begin, it’s important to acknowledge that there are two stages in your relationship to open-source components. The first …
Baselining Your Component Usage. Risk: Let’s talk about risk. You’re probably reading this guide to find out how to remove some, if not all, of the risk from your product. …
What is Component Security Risk? What is Security Risk? When you think about risk from open source components, security risks are probably what come to mind. Security risks are flaws …
What is Component License Risk? What is License Risk? A component is open source when its author(s) distribute it with an open-source license attached. Open-source licenses place restrictions on the …
What is Component Quality Risk? Just as someone would scrutinize the qualities of a restaurant or their kids’ new friends, organizations should be very discerning when selecting open source components. …
What are Transitive Dependencies? Open source components typically are not operational on their own. They often include and depend on the functionality of other open source components in order to …