Google Launches and Assured OSS Services to Improve the Security of Open-Source Software Packages


Published on:

Google has announced two new initiatives to increase the security and dependability of open-source software packages developers use. The first one is, a free API service offering complete dependency and security information for over 5 million packages written in various programming languages.

The service collects security metadata from multiple sources for 50 million versions found in public repositories such as Go, Maven (Java), PyPI (Python), npm (JavaScript), and Cargo (Rust). It plans to add information on NuGet packages (.NET framework). With, developers can find answers to important questions such as what versions are available for a particular package, what software licenses a particular version uses, how many dependencies a package has and what they are, and which packages and versions correspond to a particular file. This information can assist developers in making sensible choices when analyzing the risks of using various packages as part of a project.

The second initiative launched by Google is the Assured Open Source Software (Assured OSS) public service. This service provides development teams with a repository of secure packages for Python and Java, curated by Google itself. This move by Google is timely amid recent reports of malware in developer repositories. The Assured OSS repository aims to mitigate the risks associated with using open-source software packages, especially for private and in-house developers who keep frequently used repositories in their local repositories to minimize potential risks if the public version of a popular package is compromised. This procedure can cause security fixes to be delayed for an extended period, compromising the final product’s security.

The Assured OSS repository curated by Google specialists will make the development process safer and more reliable. Many studies have shown that organizations frequently use outdated and vulnerable versions of open-source components in their applications, which poses significant risks. Google’s repository is designed to solve this problem by providing development teams with a curated list of secure packages that they can use confidently.

Vishak is a skilled Editor-in-chief at Code and Hack with a passion for AI and coding. He has a deep understanding of the latest trends and advancements in the fields of AI and Coding. He creates engaging and informative content on various topics related to AI, including machine learning, natural language processing, and coding. He stays up to date with the latest news and breakthroughs in these areas and delivers insightful articles and blog posts that help his readers stay informed and engaged.

Related Posts:

Leave a Reply

Please enter your comment!
Please enter your name here