
Google Launches Deps.dev and Assured OSS Services to Improve the Security of Open-Source Software Packages


Google has announced two new initiatives to increase the security and dependability of the open-source software packages that developers use. The first is Deps.dev, a free API service offering complete dependency and security information for over 5 million packages written in various programming languages.

The Deps.dev service collects security metadata from multiple sources for 50 million versions found in public repositories such as Go, Maven (Java), PyPI (Python), npm (JavaScript), and Cargo (Rust). It plans to add information on NuGet packages (.NET framework). With Deps.dev, developers can find answers to important questions such as what versions are available for a particular package, what software licenses a particular version uses, how many dependencies a package has and what they are, and which packages and versions correspond to a particular file. This information can assist developers in making sensible choices when analyzing the risks of using various packages as part of a project.
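As an added illustration (not code from the article or from Google), the sketch below shows how a build pipeline could use a per-version record of this kind to gate a dependency on its licenses and known advisories. The `v3` URL layout and the `licenses` and `advisoryKeys` field names are assumptions about the public API that the article does not state, and the sample response is constructed.

```python
import json
from urllib.parse import quote

API_ROOT = "https://api.deps.dev/v3"  # assumption: endpoint layout, not given in the article
SYSTEMS = {"go", "maven", "pypi", "npm", "cargo"}  # ecosystems named in the article


def version_url(system, name, version):
    """Build the per-version lookup URL; names like '@scope/pkg' must be percent-encoded."""
    system = system.lower()
    if system not in SYSTEMS:
        raise ValueError(f"unsupported system: {system}")
    return (f"{API_ROOT}/systems/{system}/packages/"
            f"{quote(name, safe='')}/versions/{quote(version, safe='')}")


def assess(response, allowed_licenses):
    """Return (ok, reasons) for one version record against a simple allow-list policy."""
    reasons = []
    licenses = response.get("licenses") or []
    advisories = [a.get("id", "?") for a in response.get("advisoryKeys") or []]
    if not licenses:
        # A missing license is treated as a failure rather than silently accepted.
        reasons.append("no license declared")
    for lic in licenses:
        if lic not in allowed_licenses:
            reasons.append(f"license not allowed: {lic}")
    for adv in advisories:
        reasons.append(f"known advisory: {adv}")
    return (not reasons, reasons)


# Constructed sample response (not real data); the advisory id is a placeholder.
SAMPLE = json.loads("""
{
  "versionKey": {"system": "NPM", "name": "@example/widget", "version": "1.2.3"},
  "licenses": ["GPL-3.0"],
  "advisoryKeys": [{"id": "GHSA-xxxx-xxxx-xxxx"}]
}
""")

if __name__ == "__main__":
    key = SAMPLE["versionKey"]
    print(version_url(key["system"], key["name"], key["version"]))
    ok, reasons = assess(SAMPLE, allowed_licenses={"MIT", "Apache-2.0"})
    print("PASS" if ok else "FAIL", reasons)
```
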

The second initiative launched by Google is the Assured Open Source Software (Assured OSS) public service. This service provides development teams with a repository of secure packages for Python and Java, curated by Google itself. This move by Google is timely amid recent reports of malware in developer repositories. The Assured OSS repository aims to mitigate the risks associated with using open-source software packages, especially for private and in-house developers who keep frequently used packages in their local repositories to minimize potential risks if the public version of a popular package is compromised. This practice can cause security fixes to be delayed for an extended period, compromising the final product’s security.

The Assured OSS repository curated by Google specialists will make the development process safer and more reliable. Many studies have shown that organizations frequently use outdated and vulnerable versions of open-source components in their applications, which poses significant risks. Google’s repository is designed to solve this problem by providing development teams with a curated list of secure packages that they can use confidently.


Written by Vishak

Vishak is a skilled Editor-in-chief at Code and Hack with a passion for AI and coding. He has a deep understanding of the latest trends and advancements in the fields of AI and Coding. He creates engaging and informative content on various topics related to AI, including machine learning, natural language processing, and coding. He stays up to date with the latest news and breakthroughs in these areas and delivers insightful articles and blog posts that help his readers stay informed and engaged.
