Tag Archives: bill of materials


Application Health Check App v.2.3.0-02


The Application Health Check application, our free vulnerability assessment tool that provides a Software Bill of Materials, has been updated to v.2.3.0-02. You can find it on the AHC download page. AHC will provide you with a Software Bill of Materials for the open source components within your applications. The latest versions available are: Windows:


The Latest Victim of Deserialization-Gate

Last week the world was hit with what can be awarded the Vulnerability Of The Day for Java: the commons-collections deserialization vulnerability. The latest victim in this continuing series of vulnerabilities is the Spring project, where a class in spring-core allows the same unsafe deserialization vector. What makes this issue particularly

Author, Ilkka Turunen

Healthcheck Features in Nexus Pro / Nexus Auditor

Question of the Day: I’ve downloaded the Nexus Pro Trial, focusing on the procured repository function. We want to check open source components for license and security status. Can this be achieved with Nexus Pro alone? If so, what benefit is added by Nexus Audit? Answer from Ilkka: Nexus Pro: Both of these points can be

Author, Derek Weeks

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source and third-party components within your Java application. Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code


Mad Men and What You Need to Know About Their Software

Plot Summary: Who would buy food without knowing what’s in the package? When is the last time you went to the grocery store and just threw stuff into your basket without at least a cursory glance at the ingredient list? The dilemma is, it’s not just the consumer who doesn’t know the ingredients in the software package, the creators
