Developers Articles

Polyfill Supply Chain Attack: Details and Fixes
An overview of a significant supply chain attack on the Polyfill CDN service, including its background, impact, and mitigation strategies.

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker
Explore the intricacies of source-available software licenses, contrasting them with open-source and proprietary licenses.

5 Ways to Reduce GitHub Copilot Security and Legal Risks
Explore strategies to mitigate security and legal risks associated with GitHub Copilot and similar AI tools.

Direct Dependencies vs. Transitive Dependencies
Explore the differences between direct and transitive dependencies, and how they impact your project's development and maintenance.

Generative AI and Software Development: Copyright Law and License Compliance
Explores the impact of recent U.S. Copyright Office decisions on generative AI, potential risks from open source licensing, and strategies to mitigate IP risk in software development.

The FOSSA Podcast: Adopting Haskell into an Existing Codebase
FOSSA's podcast explores the adoption of Haskell into its codebase, discussing the reasons and benefits of the functional programming language.

A Practical Guide to the SLSA Framework
A guide to understanding and implementing the SLSA framework for improving software supply chain security across organizations.

Rust: How to Transform a Byte Stream for Fun and Profit
A guide on transforming byte streams in Rust by using iterators to create powerful modifications.

Understanding and Preventing Dependency Confusion Attacks
Explore the concept of dependency confusion attacks, how they work, and strategies to prevent them from affecting software supply chains.

5 Must-Have DevSecOps Tools
A discussion on essential DevSecOps tools that help automate software testing and management, enhancing security throughout the software development lifecycle.

DevSecOps 101: Understanding and Implementing DevSecOps Principles
Explore the principles of DevSecOps, a natural extension of DevOps, focusing on integrating security testing throughout the software development lifecycle.

Best Practices for Testing in Go
An exploration of effective testing practices in Go, including strategies for choosing what to test and examples of making it work in applications.

Announcing FOSSA Container Scanning
Announcing the availability of FOSSA Container Scanning, a tool that helps identify vulnerabilities and license risks in container images.

Container Image Security and Vulnerability Scanning
Explore today’s container image security landscape and learn strategies, such as vulnerability scanning and digital signatures, to fend off cyber threats.

Cybersecurity Executive Order and Software Supply Chain Security
An overview of the Biden Administration's executive order on cybersecurity and its impact on software supply chain security.

Top Build Systems for Monorepos
Explore various build systems suited for monorepos, detailing the difference between imperative and declarative systems, and providing insights into top choices such as Bazel, Buck, and Pants.

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report
An analysis of the 2021 State of Open Source Vulnerabilities report, highlighting frequent targets like Java and JavaScript, common issues such as poor input validation, and vulnerable libraries.

Improving Page Speed Using Google PageSpeed Insights in Rails Apps
Integrate Google’s PageSpeed Insights API into Rails apps to improve site performance, accessibility, and SEO.

SolarWinds, Supply Chain Attacks, and Software Composition Analysis
Exploring the implications of the SolarWinds hack and methods to prevent similar software supply chain attacks, with a focus on software composition analysis.

Pros and Cons of Using Monorepos
Monorepos, used by companies like Google and Facebook, offer benefits like simplified dependency management and large-scale code refactoring, but also present challenges in build pipelines and VCS tooling.

FOSSA and Container Scanning
Explore how FOSSA aids in scanning different components of a container to ensure compliance and security.

DevOps and Open Source + CI/CD = Mitigating Risk Without Sacrificing Speed
Explore how DevOps and open source tools can be leveraged with CI/CD to mitigate risk without compromising on speed.