Another resource to help you in your AppSec journey from Mend.io

Open-source packages are everywhere in today's software, but how dependable are the ones you pull into a build? The team at Mend, drawing on data from Renovate, has released Mend.io's Open Source Reliability Leaderboard to help you judge which packages are reliable for you and your projects.

Mend.io recently published its inaugural Open Source Reliability Leaderboard. The leaderboard is built from Renovate Bot data and ranks the most reliable packages across three of the most widely used programming languages. It lets the Mend.io team both use and share a valuable resource: the underlying dataset, crowd-sourced from more than 25 million dependency updates performed by Renovate, is among the largest bodies of evidence on how package updates actually behave.

The motivation for the leaderboard is the growing risk in the software supply chain combined with a constantly shifting regulatory landscape, both of which make building secure applications more urgent. Mend.io also wanted to look at application security through a different lens. Existing technologies such as SCA and SAST remain vital for detecting and remediating problems, but little has been done to build a more holistic strategy for preventing problems, or at least preparing for them, before a dependency update breaks a build.

Like any data-driven project, choosing the filtering criteria proved complex and nuanced. Several questions had to be settled: which languages to evaluate, whether to score a package's reliability from updates applied individually or as part of a group, and whether to filter by major or minor releases. The result is a set of rankings for each of the three languages, as listed below.

  1. Individual Champions. These leaderboards rank the 20 most reliable packages when updated individually.
  2. Team Players. These leaderboards rank the 20 most reliable packages when updated as part of a group.
  3. All Stars. Packages that appear in the top 20 of both Individual Champions and Team Players.
  4. Titans. The 10 most reliable packages among the most heavily used ones.
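To make the four categories concrete, here is an added example (not Mend.io's or Renovate's own code, and not the report's published methodology) that computes such boards from a small constructed set of update records. The reliability metric used here, the fraction of update PRs that were merged and not reverted, is an assumption for illustration; the record shape, the package names and the `min_attempts` cut-off used to approximate "heavily used" are likewise assumptions. The semver classification lets the same function produce boards that include or exclude major bumps, which is the filtering question the text describes.

```python
"""Reliability boards from Renovate-style update records (illustrative only)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class UpdateRecord:
    """One dependency-update PR. Hypothetical shape, not Renovate's schema."""
    package: str
    from_version: str
    to_version: str
    grouped: bool   # True when the bump shipped inside a group PR
    merged: bool    # True when the PR was merged and not reverted


def parse_semver(version):
    """Return (major, minor, patch) from strings like 'v1.2.3-rc.1+build'."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def update_type(from_version, to_version):
    """Classify a bump as 'major', 'minor', 'patch', or 'other' (no-op/downgrade)."""
    old, new = parse_semver(from_version), parse_semver(to_version)
    if new <= old:
        return "other"
    if new[0] != old[0]:
        return "major"
    if new[1] != old[1]:
        return "minor"
    return "patch"


def reliability_scores(records, grouped, types=("major", "minor", "patch"),
                       min_attempts=1):
    """Per-package (merge_rate, attempts) for the chosen update kind and bump types.

    Assumed metric: merged / attempted. Packages seen fewer than min_attempts
    times are dropped, a crude stand-in for 'heavily used'.
    """
    merged, attempted = defaultdict(int), defaultdict(int)
    for r in records:
        if r.grouped != grouped:
            continue
        if update_type(r.from_version, r.to_version) not in types:
            continue
        attempted[r.package] += 1
        merged[r.package] += int(r.merged)
    return {p: (merged[p] / attempted[p], attempted[p])
            for p in attempted if attempted[p] >= min_attempts}


def leaderboard(scores, n):
    """Top-n package names: highest merge rate, then most observations, then name."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1][0], -kv[1][1], kv[0]))
    return [pkg for pkg, _ in ranked[:n]]


def all_stars(individual_board, team_board):
    """Packages on both boards, in Individual Champions order."""
    team = set(team_board)
    return [p for p in individual_board if p in team]


def build_boards(records, n=2, types=("major", "minor", "patch")):
    """Individual Champions, Team Players and All Stars for one record set."""
    individual = reliability_scores(records, grouped=False, types=types)
    group = reliability_scores(records, grouped=True, types=types)
    champions = leaderboard(individual, n)
    team = leaderboard(group, n)
    return {"individual_champions": champions,
            "team_players": team,
            "all_stars": all_stars(champions, team)}


# Constructed sample data with fictional package names; not real Renovate output.
SAMPLE = [
    UpdateRecord("alpha", "1.2.0", "1.2.1", grouped=False, merged=True),
    UpdateRecord("alpha", "1.2.1", "1.3.0", grouped=False, merged=True),
    UpdateRecord("alpha", "1.3.0", "2.0.0", grouped=False, merged=True),
    UpdateRecord("alpha", "1.3.0", "1.3.1", grouped=True, merged=True),
    UpdateRecord("alpha", "1.3.1", "1.3.2", grouped=True, merged=True),
    UpdateRecord("beta", "3.0.0", "3.0.1", grouped=False, merged=True),
    UpdateRecord("beta", "3.0.1", "3.1.0", grouped=False, merged=False),
    UpdateRecord("beta", "3.1.0", "3.1.1", grouped=True, merged=True),
    UpdateRecord("beta", "3.1.1", "4.0.0", grouped=True, merged=False),
    UpdateRecord("gamma", "0.9.0", "0.9.1", grouped=False, merged=True),
    UpdateRecord("gamma", "0.9.1", "0.10.0", grouped=False, merged=True),
    UpdateRecord("delta", "2.0.0", "2.0.1", grouped=False, merged=False),
    UpdateRecord("delta", "2.0.1", "2.0.2", grouped=True, merged=True),
    UpdateRecord("delta", "2.0.2", "2.1.0", grouped=True, merged=True),
]

if __name__ == "__main__":
    print(build_boards(SAMPLE))
    print(build_boards(SAMPLE, n=3, types=("minor", "patch")))
```

Running it shows why the filtering choices matter: with major bumps included, `beta` sits mid-table on both boards because its one failed group update was a major release; restrict the boards to minor and patch bumps and it climbs onto the Team Players list. A real leaderboard would need a defensible definition of "reliable" (merged and not reverted, CI green, no follow-up pin) and a usage threshold far above the toy `min_attempts` used here.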

Thank you to the people at Mend.io for doing this and making the internet a safer place for all by practicing preventive measures in AppSec!

Check the full report on their website!


More articles from Xcidic