Published : Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Assess Worth exploring with the goal of understanding how it will affect your enterprise.
It's important for a development team to identify whether the dependencies of their application have known vulnerabilities. OSS Index could be used to achieve this goal. OSS Index is a free catalog of open-source components and scanning tools designed to help developers identify vulnerabilities, understand risk and keep their software safe. Our teams are already integrating this index into pipelines via different languages, including AuditJS and Gradle plugin. The speed is fast, vulnerabilities are identified accurately and few false positives occur.