OpenELA, a trade association formed by CIQ, Oracle, and SUSE, has publicly released the source code for Enterprise Linux (EL), with a focus on EL8 and EL9 initially, and EL7 packages coming soon. In August 2023, CIQ, Oracle, and SUSE initiated the creation of OpenELA in response to alterations in the accessibility of RHEL source … continue reading
The application security company Mend.io has introduced an enterprise version of its dependency management tool Renovate. Mend Renovate Enterprise Edition offers unlimited server scalability, dedicated support, and other premium features. Renovate helps ensure the security and currency of applications by scanning software to identify external dependencies and automating updates to the latest versions. According to … continue reading
The Omnivore open-source project enables users to save articles, newsletters, and documents for later reading in a distraction-free environment. Users can also make notes and highlights, and customize their reading list while syncing it across all devices. Users can streamline their newsletters by sending them directly to their Omnivore library, consolidating them in one place. … continue reading
The Microsoft Azure Incubations Team has launched Radius, a new open application platform for the cloud. Radius is designed to facilitate collaboration between developers and platform engineers in delivering and managing cloud-native applications while adhering to corporate best practices for cost, operations, and security. It addresses several cloud-related challenges in development and operations. It can … continue reading
Kargo is a multi-stage application lifecycle orchestrator designed to help with continuous delivery and deployment of changes across various environments. Kargo, created by the developers behind the Argo Project, represents a novel approach to CD pipelines, tailored for the cloud-native landscape, featuring robust GitOps support, progressive delivery capabilities, and complete open-source accessibility. The name “Kargo” … continue reading
Tidelift has added new intelligence capabilities that will help customers minimize risk related to using open-source components. These capabilities are being added to Tidelift Subscription, which is a program that provides evaluations on security, licensing, and maintenance risks of open-source software. The company has access to open-source package intelligence data through partnerships with thousands of … continue reading
The primary goal behind Wolfi, which was announced a year ago, is to create secure, hardened containers with zero known CVEs, according to the project maintainers in a post. Since its release, the team of maintainers at Chainguard, along with community contributors, has been focused on aiding developers in addressing software supply chain security challenges. … continue reading
Today marks the 40th anniversary of the GNU operating system, and a number of its users are coming together around the world to celebrate the milestone. GNU is an open-source operating system similar to Unix that was created in 1983 by Richard Stallman. In 2019, following controversy around statements he made around Jeffrey Epstein and … continue reading
The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page. The policy primarily aims to address several key concerns: 1. Avoid situations where ownership … continue reading
OpenSSF created the Open Source Consumption Manifesto (OSCM) with the main objective of enhancing the utilization of open-source software. Similar to the Agile Manifesto, OSCM is based on core values and comprises 15 guiding principles for using open source. It is designed to be a continuously evolving document, according to the OpenSSF. Open Source … continue reading
This week’s project, Codecov, originally claimed to be an open-source project, but in a subsequent post the following day, the people behind the project apologized for referring to BUSL-1.1 as Open Source and explained the thought process behind the decision in detail. The definition of open source is outlined by the Open Source Initiative (OSI) … continue reading
The Rust Foundation outlined many improvements to the security structure of the language and expressed its commitment to developing tools, features, and recommendations based on security research in its Security Initiative Report. The Rust advancements follow the White House’s National Cybersecurity Strategy Implementation Plan that signals a deep civic investment in more secure programming languages like … continue reading