DEV Community

Stacklok profile image Ariel
Ariel for Stacklok

Posted on • Edited on

Blocking unsafe open source dependencies in pull requests with Minder and OSV.dev

#opensource #security #tutorial

Using data from the open source OSV.dev project and other sources, Minder can now block pull requests that contain malicious and deprecated packages, so that they canโ€™t inadvertently be merged into your code.

Most teams today use vulnerability scanners to find CVEs in their open source dependencies. While avoiding dependencies with known vulnerabilities is important, these scanners may neglect to flag malicious or deprecated packages that donโ€™t have any CVEs, even though these packages may pose an even greater threat to your supply chain.

Read the full article by Yolanda Robla & Adolfo "Puerco" Garcรญa Veytia here

Image description

Top comments (0)

Read next

gitprotectteam profile image

GitHub Compliance โ€“ All You Need To Know

GitProtect Team -

sagar25 profile image

TDoC 2024 - Day 3: Introduction to Machine Learning

Sagar Das -

iammikeade profile image

๐’๐ˆ๐„๐Œ ๐„๐ฑ๐ฉ๐ฅ๐š๐ข๐ง๐ž๐: ๐–๐ก๐š๐ญ ๐ˆ๐ญ ๐ˆ๐ฌ ๐š๐ง๐ ๐–๐ก๐ฒ ๐ˆ๐ญโ€™๐ฌ ๐‚๐ซ๐ข๐ญ๐ข๐œ๐š๐ฅ ๐Ÿ๐จ๐ซ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ?

Adedeji Michael -

ianbrumby profile image

Finally got some time to play with the new JSONata and Variables support for Step Functions, and I have to say, it is massive improvement. Check out my latest blog post, where I walk through a simple example of how easy it is to handle pagination now

Ian -