Spotting compromises hidden deep in open source- or commercial supply chains is difficult under the best of circumstances. For developers and development teams tasked with achieving aggressive development and release goals — an environment in which software security and integrity are low priorities — the job is even harder. That’s why, today, ReversingLabs introduced a new offering that helps developers to rapidly assess the security and quality of millions of open source packages spread across platforms such as npm, PyPI and RubyGems. 

Spectra Assure Community is a tool that enables developers, product security teams, and release managers to scan open source components to identify the best building blocks for their products. Using Spectra’s unique combination of advanced threat detection, comprehensive analysis, and standardized assessments, it helps developers determine whether packages that they wish to use are free from malicious code and supply chain attacks. 

The post New Portal Helps Devs Spot Malicious Open Source Packages appeared first on Security Boulevard.