Denis, 2022-03-17 19:17:14
npm

What are the solutions for managing vulnerabilities in packages (npm, docker, nuget, maven, etc)?

Probably many have heard about recent attacks through open source packages in NPM (for example, https://github.com/advisories/GHSA-97m3-w2cp-4xx6).
It is clear that in order to prevent such attacks, integrated dependency control solutions are needed in combination with a proprietary server that proxies package repositories. For example, Artifactory and Nexus can do such things in one form or another in their paid versions. What other solutions are there for package quarantine? It is desirable that they cost some adequate money.


1 answer(s)
Sergey delphinpro, 2022-03-17
@delphinpro

Any quarantine implies the presence of black or white lists.
And then the questions arise:

  • Are there such lists?
  • Who will finance them?
  • Should they be trusted?
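The allow/deny-list quarantine the answer refers to, shown as an added example that is not part of the original thread: a Node.js script that walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and gives each dependency one of three decisions. A version on the deny list is blocked; a package whose `resolved` URL does not come from the approved proxy registry is quarantined; a version on the allow list is allowed; anything else is quarantined as "not yet reviewed". The lockfile contents, the package names and versions, the policy lists and the registry host `registry.example.internal` are all constructed for illustration and are not real packages, advisories or infrastructure.

```javascript
// Added example (not from the original post): evaluate an npm lockfile against a
// quarantine policy built from a deny list, an allow list and an approved registry host.
// All package names, versions, URLs and policy entries below are constructed.

const APPROVED_REGISTRY = "https://registry.example.internal/"; // hypothetical internal proxy

const POLICY = {
  // Versions known to be bad (e.g. versions named in an advisory) -> block.
  deny: { "colorful-logger": ["2.1.5"] },
  // Versions that have been reviewed -> allow; anything else is held for review.
  allow: { "left-pad-ish": ["1.3.0"], "colorful-logger": ["2.1.4"], "tiny-util": ["0.9.0"] },
};

// Constructed lockfileVersion 3 content; only the fields the check uses are included.
const LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/left-pad-ish": {
      version: "1.3.0",
      resolved: "https://registry.example.internal/left-pad-ish/-/left-pad-ish-1.3.0.tgz",
    },
    "node_modules/colorful-logger": {
      version: "2.1.5",
      resolved: "https://registry.example.internal/colorful-logger/-/colorful-logger-2.1.5.tgz",
    },
    // Nested dependency fetched directly from the public registry, bypassing the proxy.
    "node_modules/colorful-logger/node_modules/tiny-util": {
      version: "0.9.0",
      resolved: "https://registry.npmjs.org/tiny-util/-/tiny-util-0.9.0.tgz",
    },
    // Scoped package that nobody has reviewed yet.
    "node_modules/@acme/new-helper": {
      version: "0.1.0",
      resolved: "https://registry.example.internal/@acme/new-helper/-/new-helper-0.1.0.tgz",
    },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

function evaluatePackage(name, entry, policy, approvedRegistry) {
  const { version, resolved } = entry;
  if ((policy.deny[name] || []).includes(version)) {
    return { name, version, decision: "block", reason: "version is on the deny list" };
  }
  if (typeof resolved === "string" && !resolved.startsWith(approvedRegistry)) {
    return { name, version, decision: "quarantine", reason: `resolved from unapproved source ${resolved}` };
  }
  if ((policy.allow[name] || []).includes(version)) {
    return { name, version, decision: "allow", reason: "version is on the allow list" };
  }
  return { name, version, decision: "quarantine", reason: "version not yet reviewed" };
}

// Returns one decision record per installed package (the root project is skipped).
function evaluateLockfile(lock, policy = POLICY, approvedRegistry = APPROVED_REGISTRY) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  const results = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue;
    results.push(evaluatePackage(packageNameFromPath(path), entry, policy, approvedRegistry));
  }
  return results;
}

function summarize(results) {
  const counts = { allow: 0, quarantine: 0, block: 0 };
  for (const r of results) counts[r.decision] += 1;
  return counts;
}

function main() {
  const results = evaluateLockfile(LOCKFILE);
  for (const r of results) {
    console.log(`${r.decision.padEnd(10)} ${r.name}@${r.version}  (${r.reason})`);
  }
  const s = summarize(results);
  console.log(`allowed=${s.allow} quarantined=${s.quarantine} blocked=${s.block}`);
}

main();
```

On the constructed input the script allows `left-pad-ish@1.3.0`, blocks `colorful-logger@2.1.5`, and quarantines both `tiny-util` (fetched past the proxy) and `@acme/new-helper` (not yet reviewed). The order of checks matters: the deny list wins over everything, and an unapproved source is flagged even when the version itself is on the allow list, which is the property a proxy-based quarantine is meant to enforce.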
