Google Cloud has launched the Assured Open Source Software service for use in Java and Python ecosystems at no cost, reports TechRepublic.
The service aims to address enterprises' rising concern over the reliability of open-source software and vulnerabilities in their software supply chain.
Synopsys reported recently that at least one known vulnerability was present in 84% of open-source software codebases, while 48% had at least one high-risk vulnerability.
Previously released in May 2022, Assured OSS provides a collection of Google-vetted codebase packages for any organization to use. These packages undergo regular scanning and fuzz-testing for vulnerabilities, come with enriched metadata that includes Container/Artifact Analysis data, possess easily verifiable signatures from Google, and are sourced from a Google-protected Artifact Registry.
"Secure ingest of open-source packages is a widespread challenge for organizations and developers wherever they choose to build code," said Andy Chang, group product manager for security and privacy at Google. "Google is uniquely positioned to help in this area as we are a long-time contributor, maintainer, user of open-source software and have developed a robust set of technology, processes, security capabilities and controls."