Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Denis2022-03-17 19:17:14
npm
Denis, 2022-03-17 19:17:14

What are the solutions for managing vulnerabilities in packages (npm, docker, nuget, maven, etc)?

Probably many have heard about recent attacks through open source packages in NPM (for example , https://github.com/advisories/GHSA-97m3-w2cp-4xx6 ).
It is clear that in order to prevent such attacks, integrated dependency control solutions are needed in combination with a proprietary server that proxies package repositories. For example, Artifactory and Nexus can do such things in one form or another in their paid versions
. What other solutions are there for package quarantine? It is desirable that they cost some adequate money.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey delphinpro, 2022-03-17
@delphinpro

Any quarantine implies the presence of black or white lists.
And then the questions arise:

  • Are there such lists?
  • Who will finance them?
  • Should they be trusted?

Similar questions
I
Ivan Damaskin2017-04-09 17:54:15
How to run angular2 project on Ubuntu 16 VPS? 1Reply
M
Mikhailo Poberezhny2017-04-11 14:54:56
How to switch from meteor accounts-password to plain bcrypt? 1Reply
I
Ivan Nikolaevich2015-04-15 16:02:23
Why can gulp dest produce an empty file? 1Reply
R
RaDir2017-04-11 20:14:34
How to fix "ERROR in Entry module not found: Error: Can't resolve" error in Webpack? 1Reply
D
dotruger372021-04-02 17:04:25
How to build webpack? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question