Google on Thursday announced the creation of a new “Open Source Maintenance Crew” that will focus on strengthening the security of important open source projects.
The company also highlighted Open Source Insights, a tool for analyzing packages and their dependency graphs, which can be used to determine “whether a dependency vulnerability could affect your code”.
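The question Open Source Insights answers, whether a vulnerable package is reachable from your project through any chain of dependencies, is in essence a graph reachability problem. The script below is an added example (not Open Source Insights' code) that walks a constructed dependency graph from a root package, records one dependency path for each transitive dependency, and reports which reachable packages have an advisory. All package names and advisory identifiers are made up placeholders; the visited set also keeps the walk terminating on cyclic graphs.

```python
"""Transitive dependency reachability check (added example, not Open Source Insights' own code)."""
from collections import deque

# Constructed dependency graph: package -> packages it depends on directly.
# Names are made up for illustration.
DEPENDENCY_GRAPH = {
    "my-service": ["web-framework", "json-util"],
    "web-framework": ["http-core", "template-engine"],
    "template-engine": ["json-util"],
    "http-core": ["compression-lib"],
    "json-util": [],
    "compression-lib": [],
}

# Constructed advisory list: vulnerable package -> placeholder advisory id.
# "unused-lib" is vulnerable but not part of my-service's graph.
ADVISORIES = {
    "compression-lib": "PLACEHOLDER-ADVISORY-001",
    "unused-lib": "PLACEHOLDER-ADVISORY-002",
}


def reachable_dependencies(graph, root):
    """Return {package: path} for every package reachable from root.

    The path is the shortest dependency chain (BFS order) from root to the
    package, e.g. ["my-service", "web-framework", "http-core", "compression-lib"].
    A package is recorded only once, which also guards against cycles.
    """
    paths = {}
    queue = deque([(root, [root])])
    while queue:
        node, path = queue.popleft()
        for dep in graph.get(node, []):
            if dep in paths:
                continue
            paths[dep] = path + [dep]
            queue.append((dep, paths[dep]))
    return paths


def affected_by(graph, advisories, root):
    """Return sorted (package, advisory_id, path) for vulnerable packages reachable from root."""
    paths = reachable_dependencies(graph, root)
    hits = [(pkg, advisories[pkg], path) for pkg, path in paths.items() if pkg in advisories]
    return sorted(hits)


if __name__ == "__main__":
    for pkg, advisory, path in affected_by(DEPENDENCY_GRAPH, ADVISORIES, "my-service"):
        print(f"{advisory}: {pkg} reached via {' -> '.join(path)}")
```

The reported path is what a maintainer needs in practice: it names the direct dependency that pulls in the vulnerable package, so the fix can be an upgrade or pin at that level rather than a guess.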
“With this information, developers can understand how their software is bundled and what the consequences of changes in their dependencies are,” the company said.
The development comes as the security and trustworthiness of the open source software ecosystem are increasingly being questioned, following a string of supply chain attacks designed to compromise developer workflows.
In December 2021, a critical flaw in the ubiquitous open source Log4j logging library left several companies scrambling to patch their systems against possible exploitation.
The announcement also came less than two weeks after the Open Source Security Foundation (OpenSSF) announced the so-called Package Analysis project to dynamically analyze all packages uploaded to popular open source repositories.