all InfoSec News
Blocking unsafe open source dependencies in pull requests with Minder and OSV.dev
DEV Community dev.to
Using data from the open source OSV.dev project and other sources, Minder can now block pull requests that contain malicious and deprecated packages, so that they can’t inadvertently be merged into your code.
Most teams today use vulnerability scanners to find CVEs in their open source dependencies. While avoiding dependencies with known vulnerabilities is important, these scanners may neglect to flag malicious or deprecated packages that don’t have any CVEs, even though these packages may pose an even greater threat …
block blocking can code cves data dependencies dev find malicious open source opensource osv packages project pull requests requests scanners security teams today vulnerability vulnerability scanners