The newly improved Index is designed to easily integrate with developer tools like Maven Enforcer Plugin and OWASP Dependency Check
Fulton, MD – July 25, 2018 -- Sonatype, the leader in automated open source governance, today announced a revamped and modernized OSS Index to provide developers with free and easily accessible information on known open source vulnerabilities. The Index provides multi-language support, easy implementation through a REST API and native integrations with Maven Enforcer Plugin and OWASP Dependency Check.
“Sonatype’s roots are in open source. Not only are we the providers and caretakers of The Central Repository, but we believe in doing right by the community, making a difference where we can, and leaving things better than we found them,” said Brian Fox, CTO and Co-Founder of Sonatype. “With the new OSS Index, we’re enabling millions of developers to add a basic layer of security to their innovation efforts, which is a good starting point for everyone in the open source community.”
Since Sonatype acquired OSS Index and its parent company Vor Security last year, the organization has been working to revamp the data feed, making it easier for developers to understand the value of basic open source governance.
Today, OSS Index is a simple and free way for developers to determine if there are any known, publicly disclosed vulnerabilities associated with open source components. While the Index is derived entirely from public sources and does not include human-curated intelligence or remediation guidance, it does house more than 2.6 million packages and information on 140,000 known vulnerabilities. Benefits include:
Software development teams with enterprise requirements for fully automated open source governance powered by precise, curated, and actionable intelligence should investigate Sonatype's Nexus Product Suite.
About Sonatype