Malicious attacks on public open source repositories are now as pervasive as developers' use of open source dependencies. The ReversingLabs State of Software Supply Chain Security Report 2024 recorded a 1,300% increase in malicious open source packages from 2020 to 2023, including a 28% increase in 2023 over 2022.
The problem extends far beyond vulnerabilities; state-sponsored malware and tampering campaigns target popular open source projects that are unknowingly added to your final build.
Developers need a way to trust the integrity of their dependencies in order to deliver feature-rich software securely and at speed.
In this episode of the Spectra Assure Spotlight Series we take a deeper look at Spectra Assure Community, the largest free community resource for vetting open source software packages: it lets software producers quickly check a package and get a comprehensive risk analysis.
Key Insights Include:
- ✓ How developers can obtain a free risk assessment of over 5 million packages from open source repositories such as npm, PyPI, and RubyGems
- ✓ How to practice sound security hygiene by selecting packages free of malware, tampering, suspicious behaviors, vulnerabilities, licensing issues, and other threats
- ✓ How to stay up to date on emerging threats within popular open source communities
Learn more about our Spectra Assure Solution for Software Supply Chain Security. Catch up on previous episodes in the Spectra Assure Product Spotlight Series.