Software Composition Analysis Building a Sustainable Software Supply Chain OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.
Inside FOSSA Announcing New Support for C/C++ Scanning, SBOMs FOSSA has released new features that enable C/C++ dependency scanning and make it easier for organizations to generate SBOMs.
Software Composition Analysis How FOSSA Addresses Challenges Scanning C/C++ Code Get an overview of challenges with scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.
Developer Perspectives The Three Pillars of Reproducible Builds Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.
Developer Perspectives Overriding Dependency Versions and Using Version Ranges in Maven Get step-by-step guidance on managing dependencies in Maven: declaring dependencies, overriding dependency versions, and using version ranges.
Open Source in the News 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.
Open Source in the News 6 Takeaways from the Linux Foundation's SBOM Report A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.
Open Source Vulnerability Management React Security: How to Fix Common Vulnerabilities Explore several common vulnerabilities that impact React component libraries and see how to remediate them.
Open Source License Compliance OSS License Compliance Expert Heather Meeker on the AGPL Heather Meeker, one of the world's foremost experts on open source license compliance, discusses the AGPL and its provisions covering network deployment.
Software Composition Analysis 5 Must-Have DevSecOps Tools Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.
Open Source in the News Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’ The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Developer Perspectives Dependency Management in Visual Studio: NuGet and Beyond Learn how to manage NuGet package dependencies for your .NET projects using Visual Studio.
Open Source License Compliance Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
Open Source in the News Does TikTok Live Studio Violate GPL v2? TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.
Open Source Vulnerability Management How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell) See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.
Open Source Vulnerability Management How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105 See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.
Inside FOSSA FOSSA Partners with OpenChain to Promote Open Source Management FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.
Open Source Vulnerability Management Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes A critical vulnerability has been discovered in Apache Log4J, the popular java open source logging library. Here's what happened and how to fix it.
Inside FOSSA Introducing FOSSA's New License Scanner Here's what you can expect with FOSSA's new and improved OSS license scanner.
Developer Perspectives Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More Get an overview of the artifacts involved in .NET dependency management, how they interact, and how to use them.
Inside FOSSA FOSSA Product Updates: Announcing Our New and Improved CLI Our upgraded CLI will make FOSSA integrations easier to deploy by reducing the amount of configuration needed by users.
Open Source Vulnerability Management DevSecOps 101: Understanding and Implementing DevSecOps Principles See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.
Open Source in the News Embedded Malware in NPM: Coa, Rc, Ua-parser Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.
Open Source License Compliance Open Source Software Licenses 101: The Eclipse Public License Get an overview of the Eclipse Public License, including key requirements and how it compares to other weak copyleft open source licenses.
Developer Perspectives Best Practices for Testing in Go Get step-by-step guidance on writing effective tests in Go, including choosing what to test and how to make it work in your application.
