heise online

Google's vulnerability scanner checks container layers and Maven projects

Google has released the second version of its vulnerability scanner for open-source projects, which now performs in-depth analyses in complex projects and containers. It also supports Java projects ...
livedoor ニュース

Google、オープンソースプロジェクト向けに脆弱性スキャナ「OSV ...

Googleは12月13日(米国時間)、「Google Online Security Blog: Announcing OSV-Scanner: Vulnerability Scanner for Open Source」において、オープンソースプロジェクトのための脆弱性スキャナ「OSV-Scanner」を発表した。これは、オープンソース開発者が、自身のプロジェクトに関連する ...
TechRepublic

350,000 open source projects at risk from Python vulnerability

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350 ...
techzine

TeamPCP compromises Python libraries via supply chain attack

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...