Building a high quality C/C++ vulnerability database.
You can follow the two linked issues here: https://github.com/google/osv-scanner/issues/82 for updates!
Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.
1. https://github.com/ossillate-inc/packj flags malicious/risky packages.
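The comment above mentions reporting vulnerable packages through the OSV API. The following is an added, stand-alone illustration of that lookup flow, not code from Packj, osv-scanner or any other project in this thread: it reads exactly pinned entries from a requirements file, builds the body for the real OSV `/v1/querybatch` endpoint (one query per package; results are returned in query order and carry only `id` and `modified` per vulnerability), and summarises a response. The requirements text, the package names and the `EXAMPLE-0001` advisory ID are constructed placeholders, and the name normalisation is a simplified lowercase rather than full PEP 503.

```python
"""Build OSV querybatch requests from a pinned requirements file and
summarise the response.  Added illustration, not Packj's or osv-scanner's
code.  The sample requirements text and the sample API response below are
constructed; the advisory ID is a placeholder, not a real OSV/GHSA entry."""
import json
import re
import urllib.request

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"

# Exact pins only: "name==version", optional trailing environment marker or comment.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_pinned_requirements(text):
    """Return (name, version) pairs for exactly pinned lines.

    Comments, blank lines and unpinned specifiers (>=, ~=, etc.) are skipped:
    OSV matches a concrete version against affected ranges, so a range
    specifier cannot be queried meaningfully.  Names are lowercased only
    (simplified; full PEP 503 normalisation also folds '-', '_' and '.').
    """
    pins = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def build_querybatch(pins, ecosystem="PyPI"):
    """Body for POST /v1/querybatch: one query per pinned package.

    OSV returns results in the same order as the queries, which is what
    summarise() relies on to map findings back to packages.
    """
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
            for name, version in pins
        ]
    }


def summarise(pins, response):
    """Map "name==version" to the sorted advisory IDs OSV reported for it.

    querybatch responses contain only id/modified per vulnerability; full
    details (severity, affected ranges, fixes) require /v1/vulns/{id}.
    A length mismatch means the response does not belong to this query set.
    """
    results = response.get("results", [])
    if len(results) != len(pins):
        raise ValueError("result count does not match query count")
    findings = {}
    for (name, version), result in zip(pins, results):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        if ids:
            findings[f"{name}=={version}"] = ids
    return findings


def query_osv(pins):
    """Live lookup over the network; not used by the offline demo below."""
    body = json.dumps(build_querybatch(pins)).encode()
    req = urllib.request.Request(
        OSV_QUERYBATCH_URL, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample input: not a real lockfile, package names are placeholders.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
examplelib==1.2.3
otherlib>=2.0          # unpinned: skipped
thirdlib==0.9.1 ; python_version < "3.12"
"""

# Constructed sample response in querybatch shape: one entry per query, in order.
# "EXAMPLE-0001" is a placeholder ID, not a real advisory.
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "EXAMPLE-0001", "modified": "2023-01-01T00:00:00Z"}]},
        {},
    ]
}


def demo():
    """Offline run against the constructed samples."""
    pins = parse_pinned_requirements(SAMPLE_REQUIREMENTS)
    return summarise(pins, SAMPLE_RESPONSE)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the constructed finding for `examplelib==1.2.3`; swap `SAMPLE_RESPONSE` for `query_osv(pins)` to run the same pipeline against the live API. The length check in `summarise()` matters when batching: if a request is split and responses are reassembled, a dropped chunk silently shifts every later result onto the wrong package unless the counts are verified.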
Depends exactly what you're trying to create it for. I advocate for doing it during the build process rather than as a step after.
We open sourced a few tools that do it automatically for containers:
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange
I like trivy[1] a lot. Nice to see more alternatives like this.
1. https://github.com/aquasecurity/trivy
We have an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
Related posts
- Docker image vulnerabilities scanning trivy vs synk.io
- Free tool for generating SBOM and CVEs against source or binaries
- Improving your CI/CD Pipeline: Helm Charts Security Scanning with Trivy and GitHub Actions
- v0.33.0 · Discussion #3077 · aquasecurity/trivy