OSS Index

This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the RadarUnderstand more
Published: Oct 28, 2020
Oct 2020

It's important for a development team to identify whether the dependencies of their application have known vulnerabilities. OSS Index could be used to achieve this goal. OSS Index is a free catalog of open-source components and scanning tools designed to help developers identify vulnerabilities, understand risk and keep their software safe. Our teams are already integrating this index into pipelines via different languages, including AuditJS and Gradle plugin. The speed is fast, vulnerabilities are identified accurately and few false positives occur.