We are excited to announce the inaugural edition of the Mend.io Open-Source Reliability Leaderboard! Powered by data from Renovate, the wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.

Malicious npm packages and their dangers have been a frequent topic of discussion — whether it’s hundreds of command-and-control Cobalt Strike malware packages, typosquatting, or general malware published to the npm registry (including PyPI and others). To help developers and maintainers defend against these security risks, Snyk published a guide to npm security best practices.

According to Mend.io research, the Apache 2.0 license is the most popular license of its kind, as 30% of open source licenses currently in use is Apache. Owing to its frequent use, it’s important to understand how the license works, its benefits, limitations, implications, and requirements. To help you, here are ten frequently asked questions about it.

The 2023 OSSRA report indicates that organizations are failing to patch high-risk vulnerabilities; our vulnerability deep-dive shows how to evaluate your own risk. According to the 2023 “Open Source Security and Risk Analysis” (OSSRA) report, 96% of commercial code contains open source material. In fact, 76% of the code that Black Duck® Audit Services scanned in 2022 was open source.

Open source code is a vital aspect of modern development. It allows developers to increase their application’s functionality, while reducing overall development time. However, the system isn’t perfect. The nature of third party software and it’s dependencies often creates opportunity for security vulnerabilities to lurk in libraries and downloads.

Modern applications are hugely dependent on open-source software. 80 percent of most organizations’ apps and code base is now open source, in some cases more. While this is great for swift development and innovation, it increases the possibility of vulnerabilities arising that bad actors can exploit, and it expands the potential attack surface.

GitHub's Push Protection is now free for all public repositories, a significant milestone for open-source security! Find out the key points you need to keep in mind before using it to safeguard your code repositories.

In the cloud native world, open source solutions are popular and widely used. Velero, an open source software, is quickly becoming a standard for Kubernetes backup and has been pulled over 100M times from Docker Hub! It is the most popular choice amongst Kubernetes community for backup and recovery. In a recent episode of TFiR, Swapnil Bhartiya sits down with Sathya Sankaran, Chief Operating Officer at CloudCasa by Catalogic, to talk about the power and potential of open source ecosystem.

The GNU General Public License (GPL) is one of the most widely used open source software licenses. It was created by the Free Software Foundation (FSF) to protect the GNU’s software from being made proprietary. The GPL emphasizes the principles of software freedom and promotes the sharing of knowledge and collaboration. It is a copyleft license that requires any modified versions or derivative works to be licensed under the GPL.