Tuesday 19 September 2017

Open Source Dependency Security Scanner, now supports npm

Hi all! I have been developing a free app for my job at Black Duck Software that can scan your open source repositories on GitHub and produce a report on the security risk of your dependencies.

As of today we finally support npm! You all know how interconnected npm components are. Today you can finally find out if any of your dependencies or transitive dependencies have known security vulnerabilities and get guidance on how to fix it.

The url is http://ift.tt/2xln8RA

We're in an open beta right now, and I'd really love to get you guys' feedback about what you like and don't like about the tool, and how we can make it really serve the needs of the open source community! Previous feedback from redditors on other subreddits has really helped me improve things, so please let me have it. I'll answer any questions that anybody has.

Submitted September 20, 2017 at 02:25AM by nickavv
