Open Source

Log4j Detection with JFrog OSS Scanning Tools

Dec 28, 2021 By Ilya Khivrich In JFrog

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact.

Read Post

JFrog

Read more about Log4j Detection with JFrog OSS Scanning Tools

It takes a community: Responding to open source criticism post-Log4Shell

Dec 23, 2021 By Randall Degges In Snyk

The last week has been a wild ride for just about everyone in the technology world due to the public disclosure of the Log4Shell vulnerability. As a developer security company, Snyk has built our business around proactive automation to identify and fix security issues in applications. To say we’ve been busy this week would be an understatement.

Read Post

Snyk

Read more about It takes a community: Responding to open source criticism post-Log4Shell

How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Dec 23, 2021 By Synopsys In Synopsys

Synopsys experts will demonstrate how to use Black Duck to quickly discover and remediate open source security vulnerabilities like Log4j. Black Duck Software Composition Analysis (SCA) not only helps you address open source risk, but enables you to stay ahead of the next zero-day open source vulnerability with robust scanning, detailed and actionable security information and continuous monitoring and alerting.

View Video

Synopsys

Read more about How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Securing Open Source: Best Practices Webinar Replay

Dec 22, 2021 By Rezilion In Rezilion

Open source code is frequently used in app development and can introduce vulnerabilities into environments making them easily exploited by cybercriminals. View the replay of this panel discussion to learn how your organization can reduce security risks.

View Video

Rezilion

Read more about Securing Open Source: Best Practices Webinar Replay

Snyk Open Source in 2021: A year of innovation

Dec 21, 2021 By Daniel Berman In Snyk

More than 90% of organizations rely on open source software, a reliance that introduces a significant amount of security and legal risk via either direct or transitive open source dependencies. To overcome this challenge, Software Composition Analysis (SCA) solutions are playing an increasingly important role in helping organizations successfully identify and mitigate potential security issues.

Read Post

Snyk

Read more about Snyk Open Source in 2021: A year of innovation

Arctic Wolf Releases Open Source Log4Shell Detection Script

Dec 17, 2021 By Arctic Wolf In Arctic Wolf

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Read Post

Arctic Wolf

Read more about Arctic Wolf Releases Open Source Log4Shell Detection Script

Snyk gives warning: update your Apache Log4j software immediately

Dec 14, 2021 By Snyk In Snyk

Last Friday, a critical vulnerability was discovered in the popular open source software, Apache Log4j 2. Developer-first security company, Snyk, warns of the potentially large impact on companies.

Read Post

Snyk

Read more about Snyk gives warning: update your Apache Log4j software immediately

Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

Dec 8, 2021 By Daniel Berman In Snyk

We’re happy to announce the open beta of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source code and libraries! Used across various industry verticals and prominent within the gaming, hardware/IoT, and communications industries, C/C++ continues to have a major impact on software development and the technology space as a whole.

Read Post

Snyk

Read more about Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

A Kubernetes Controller for Styra DAS

Nov 30, 2021 By Jan Willies - Contributor In Styra

We just open sourced our Kubernetes controller for the Styra Declarative Authorization Service (DAS). If you are interested in managing OPAs via Styra DAS via Kubernetes, read on.

Read Post

Styra

Read more about A Kubernetes Controller for Styra DAS

The Kubernetes' Open-Source Tools to Check out in 2022

Nov 25, 2021 By Jonathan Kaftzan In ARMO

In 2014, Kubernetes surfaced from work at Google and quickly became the de facto standard for container management and orchestration. Despite its silicon valley origins, it became one of the most impactful open-source projects in the history of computing. Today, the Cloud Native Computing Foundation (CNCF) maintains Kubernetes with many private companies and independent open-source developers.

Read Post