Novel Google API for open-source flaw detection unveiled

SiliconAngle reports that Google has introduced the new API that enables the scanning of vulnerabilities and other issues in open-source code. Such an API would enable developers to more easily use the dataset and more conveniently develop a plugin integrating, according to Google. Security teams could integrate the API in continuous integration and continuous delivery tools to facilitate cybersecurity task automation, while the API's real dependency graph feature allows package code scanning that more accurately details its components. Google also noted that hash query support has been added to the API, allowing improved supply chain attack detection. "This gives a real set of dependencies similar to what you would get by actually installing the package, which is useful when a package changes but the developer doesn't update the lock file. With the API, tools can assess, monitor, or visualize expected (or unexpected!) dependencies," said Google Senior Software Engineer Jesper Sarnesjo and Product Manager Nicky Ringland.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.