Google Debuts OSV-Scanner, a Go Tool For Finding Security Holes in Open Source
Friday 16 December 2022, 17:00, by Slashdot
Google this week released OSV-Scanner -- an open source vulnerability scanner linked to the OSV.dev database that debuted last year. From a report: Written in the Go programming language, OSV-Scanner is designed to scan open source applications to assess the security of any incorporated dependencies -- software libraries that get added to projects to provide pre-built functions so developers don't have to recreate those functions on their own. Modern applications can have a lot of dependencies. For example, researchers from Mozilla and Concordia University in Canada recently created a single-page web application with the React framework using the create-react-app command. The result was a project with seven runtime dependencies and nine development dependencies.
But each of these direct dependencies had other dependencies, known as transitive dependencies. The react package includes loose-envify as a transitive dependency -- one that itself depends on other libraries. All told, this basic single-page 'Hello world' app required a total of 1,764 dependencies. As Rex Pan, a software engineer on Google's Open Source Security Team, observed on Tuesday in a blog post, vetting thousands of dependencies isn't something developers can do on their own. Read more of this story at Slashdot.
https://tech.slashdot.org/story/22/12/16/150212/google-debuts-osv-scanner-a-go-tool-for-finding-secu...
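The story's point is that a scanner has to enumerate every transitive package from a lockfile, not just the handful a developer wrote down, and then look each (name, version) pair up against OSV.dev. The following Go program is an added example written for this page; it is not code from the article, from Slashdot, or from the OSV-Scanner project. It parses a constructed npm `package-lock.json` (lockfileVersion 3 layout), splits direct from transitive packages, and builds the batch request body a scanner would send to OSV.dev. The request field names (`queries`, `package.name`, `package.ecosystem`, `version`) are written from memory of the public API and are an assumption to verify; nothing is sent over the network, so the example runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// sampleLock is a constructed npm package-lock.json (lockfileVersion 3 layout), not the
// real create-react-app output from the article. It mirrors the article's chain:
// "react" is direct, it pulls in "loose-envify", which pulls in "js-tokens".
const sampleLock = `{
  "name": "hello-world", "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "react": "^18.2.0" }, "devDependencies": { "jest": "^29.0.0" } },
    "node_modules/react":        { "version": "18.2.0", "dependencies": { "loose-envify": "^1.1.0" } },
    "node_modules/loose-envify": { "version": "1.4.0",  "dependencies": { "js-tokens": "^4.0.0" } },
    "node_modules/js-tokens":    { "version": "4.0.0" },
    "node_modules/jest":         { "version": "29.0.0", "dev": true }
  }
}`

// Only the lockfile fields this example reads.
type lockPackage struct {
	Version         string            `json:"version"`
	Dependencies    map[string]string `json:"dependencies"`
	DevDependencies map[string]string `json:"devDependencies"`
}

// Request shape for OSV.dev's batch endpoint (POST /v1/querybatch), written from
// memory of the public API docs; the exact field names are an assumption to verify.
type osvPackage struct {
	Name      string `json:"name"`
	Ecosystem string `json:"ecosystem"`
}
type osvQuery struct {
	Package osvPackage `json:"package"`
	Version string     `json:"version"`
}
type osvBatch struct {
	Queries []osvQuery `json:"queries"`
}

// Inventory is what a scanner learns from one lockfile.
type Inventory struct {
	Direct     []string   // names the project declares itself (deps + devDeps)
	Transitive []string   // everything else that got installed
	Queries    []osvQuery // one query per distinct name@version, sorted by name
}

// nameFromPath turns "node_modules/a/node_modules/@scope/b" into "@scope/b".
func nameFromPath(p string) string {
	i := strings.LastIndex(p, "node_modules/")
	if i < 0 {
		return ""
	}
	return p[i+len("node_modules/"):]
}

// ParseLock separates direct from transitive packages and collects the
// (name, version) pairs a scanner would look up in the vulnerability database.
func ParseLock(data []byte) (Inventory, error) {
	var lf struct {
		Packages map[string]lockPackage `json:"packages"`
	}
	if err := json.Unmarshal(data, &lf); err != nil {
		return Inventory{}, fmt.Errorf("parse lockfile: %w", err)
	}
	root, ok := lf.Packages[""]
	if !ok {
		return Inventory{}, fmt.Errorf("lockfile has no root package entry")
	}
	isDirect := map[string]bool{}
	for n := range root.Dependencies {
		isDirect[n] = true
	}
	for n := range root.DevDependencies {
		isDirect[n] = true
	}
	seenName, seenKey := map[string]bool{}, map[string]bool{}
	var inv Inventory
	for path, pkg := range lf.Packages {
		name := nameFromPath(path)
		if name == "" || pkg.Version == "" {
			continue // root entry or a non-package entry (e.g. a workspace link)
		}
		if !seenName[name] {
			seenName[name] = true
			if isDirect[name] {
				inv.Direct = append(inv.Direct, name)
			} else {
				inv.Transitive = append(inv.Transitive, name)
			}
		}
		seenKey[name+"@"+pkg.Version] = true // nested duplicates collapse to one query
	}
	keys := make([]string, 0, len(seenKey))
	for k := range seenKey {
		keys = append(keys, k)
	}
	sort.Strings(inv.Direct)
	sort.Strings(inv.Transitive)
	sort.Strings(keys)
	for _, k := range keys {
		at := strings.LastIndex(k, "@") // scoped names start with "@", so split on the last one
		inv.Queries = append(inv.Queries, osvQuery{
			Package: osvPackage{Name: k[:at], Ecosystem: "npm"},
			Version: k[at+1:],
		})
	}
	return inv, nil
}

// BuildBatch serialises the request body a scanner would POST to OSV.dev; nothing is sent.
func BuildBatch(inv Inventory) ([]byte, error) {
	return json.MarshalIndent(osvBatch{Queries: inv.Queries}, "", "  ")
}
```

On the constructed lockfile, `ParseLock` reports two direct packages (`jest`, `react`) and two transitive ones (`js-tokens`, `loose-envify`), and `BuildBatch` emits four queries; on a real create-react-app lockfile the same walk is what turns a handful of declared packages into the 1,764 lookups the article mentions. The dev-dependency flag is deliberately ignored: build-time tooling runs on developer machines and CI, so it is scanned like everything else.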