Technology Radar
Published : Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Oct 2020
Assess
能够识别出应用系统的依赖是否含有已知漏洞,对于开发团队来说是很重要的事情。OSS Index 可以帮助到这一点。OSS Index是一套免费的开源组件目录,以及设计用来帮助开发者识别漏洞、了解风险并确保软件安全的扫描工具。我们的团队已经通过不同的语言,把这份索引集成到流水线中,比如 AuditJS 和 Gradle plugin。它的运行速度很快,定位漏洞精准,并且几乎没有误报。
