Endor Labs has officially come out of stealth, launching the company with a Dependency Lifecycle Management Platform that is intended to help development and security teams maximize software reuse by evaluating, maintaining, and updating dependencies. The Endor Labs platform helps organizations manage their dependencies by offering them a deeper understanding of how they are being …
When multiple teams are operating within the same value stream, controlling dependencies can feel like a daunting task. These teams often become silos and negatively impact the ability to collaborate across the entire value stream, increasing dependencies and decreasing overall productivity. At this month’s {virtual} VSMcon 2022, Jim Benson, CEO of Modus Cooperandi and author of …
Recently GitLab open-sourced a tool that enables developers and security teams to detect malicious code in app dependencies. Package Hunter analyzes dependencies for both malicious code and other unexpected behavior. It installs the dependencies in a sandbox environment and then reports any suspicious behavior to the developer who can then further examine them. According to …
Could the recent Equifax data breach have been prevented if the credit agency had the right programming tools in place? That’s the question researchers from North Carolina State University set out to answer in their recent study: Can Automated Pull Requests Encourage Software Developers to Upgrade Out-of-Date Dependencies? According to the researchers, a majority of software …
About ten years ago, GitHub embarked on a journey to create a platform that brought together the world’s largest developer community. Now that the company believes it has reached its initial goals, it is looking to the future with plans to expand the ecosystem and transform the way developers code through new tools and data. …
The founder of an open-source library discovery service launched a new project today that can continuously test open-source dependencies for potential vulnerabilities and other issues. The project is Dependency CI, an open-source tool that integrates directly into a GitHub workflow just like other CI systems. It runs a set of configurable tests on any dependency …
If you’ve been developing software for more than five years, you’ve probably seen this cycle before: New architecture emerges. Developers abandon previous best practices. Developers eventually realize that some of those “old-school” practices apply to the new architectural approach. Microservices are no exception. Some developers see microservices as a way to throw out established service-oriented …
The two colleges are close enough to share a pizza parlor, but thanks to their collaborative work, maybe that pizza-delivery Web page will load faster for students at Harvard and MIT. Today, teams from the MIT Computer Science and Artificial Intelligence Lab (CSAIL) and Harvard released a paper describing Polaris, a method of speeding up page …