A few weeks ago GitHub released its Copilot solution, which uses AI to suggest code to developers. Developers can write a comment in their code and Copilot will automatically write the code it thinks is appropriate. It’s an impressive example of the power of AI, but has many developers and members of the open-source community …
Airbyte is a data integration platform that runs in the cloud and replicates data. It enables users to get their data pipelines running in minutes with either pre-built or custom connectors from the Airbyte UI, API or CLI. Developers simply need to authenticate their sources and get connectors that adapt to schema or API changes. …
Some of the major highlights of the TypeScript 4.4 beta are control flow analysis of aliased conditions, symbol and template string pattern index signatures and more. With control flow analysis of aliased conditions enabled, developers don’t have to convince TypeScript of a variable’s type whenever it is used because the type-checker leverages something called control …
The Scorecards project, an automated security tool that produces a “risk score” for open-source projects, reached version 2 yesterday. The new version adds new security checks, scales up the number of projects being scored, and makes the data easily accessible for analysis. It was created last fall by the Google Open …
Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken …
Red Hat OpenShift 4.8 helps organizations quickly create new cloud-native applications without having to abandon their existing environments and IT investments. One new feature is IPv6/IPv4 dual stack and IPv6 single stack support, which provides applications with interoperability and communications for environments that use IPv6 and IPv4 such as in Cloud-Native Network Functions. Also, OpenShift …
The new Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk by empowering DevSecOps teams to make more informed real-time decisions. Davis automatically monitors all software libraries in preproduction and production and removes false positives. It then aggregates vulnerability data and prioritizes remediation tactics. “Manual processes and piecemeal solutions that don’t …
Page-fetch is a new open-source tool created by the Detectify Security Research team that helps hunt for prototype pollution issues. One of the most common places for prototype pollution — the ability to inject properties into existing JavaScript language construct prototypes — is in processing the query string. Detectify’s solution can already find issues that …
Grafana 8.0 introduces new alerts that centralize alerting information for Grafana managed alerts and alerts from Prometheus-compatible data sources within one UI and API. Grafana Labs also introduced a new data source: Alertmanager, which is in alpha and includes built-in support for Prometheus Alertmanager. Also, data sources can now send real-time updates to dashboards over a …
The Commons Clause was one of the first licenses that came out to try to combat cloud providers. It made headlines and caused an uproar in the open-source community when Redis Labs announced it was switching to the license. Under the clause, users do not have the right to sell the software, meaning third parties …
Earlier this year, Elastic reignited the open-source licensing debate when it announced it would be changing its license model to better protect its open-source code. Over the last couple of years, a number of companies — including Redis Labs, MongoDB, Cockroach Labs, and Confluent — have been switching their open-source licenses to avoid what they …
It’s no longer a question of why you should use open source. The tables have turned, and businesses are asking themselves why they aren’t using open source. But an even bigger question has been left unanswered: how are they using open source? Are they staying true to the meaning of open source? As …