Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects.
The tech giant also highlighted Open Source Insights, a tool for analyzing packages and their dependency graphs, which can be used to determine "if a vulnerability might affect your code."
"This information allows developers to understand the structure of their software and how changes in dependencies can affect it," the company said.
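The check the tool is described as enabling, whether a published vulnerability reaches your code through a chain of dependencies, comes down to reachability in the dependency graph. The following is an added illustration, not code from Google's tool or from any project the article mentions; the package names, versions and advisory data are constructed for the example.

```python
from typing import Dict, List, Set

# Constructed sample data (hypothetical package names, not real advisories).
# Direct dependencies of each package, as a resolver would report them.
DEPENDENCY_GRAPH: Dict[str, List[str]] = {
    "my-app": ["web-framework", "json-utils"],
    "web-framework": ["http-core", "logging-lib"],
    "json-utils": [],
    "http-core": ["logging-lib"],
    "logging-lib": [],
}

# Version actually resolved for each package in this build.
RESOLVED_VERSIONS: Dict[str, str] = {
    "my-app": "1.0.0",
    "web-framework": "4.2.0",
    "json-utils": "1.3.0",
    "http-core": "2.0.1",
    "logging-lib": "3.1.0",
}

# Constructed advisories: package -> set of versions known to be affected.
ADVISORIES: Dict[str, Set[str]] = {
    "logging-lib": {"3.0.0", "3.1.0"},   # resolved version is affected
    "json-utils": {"0.9.0"},             # resolved version is not affected
    "archive-tool": {"1.0.0"},           # not in this build at all
}


def dependency_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Return every dependency path from root to target, root first.

    Enumerating all paths (not just one) matters: each path ends in a
    direct dependency that may need to be bumped to pull in a fixed version.
    """
    paths: List[List[str]] = []

    def walk(node: str, path: List[str], seen: frozenset) -> None:
        if node == target:
            paths.append(path)
            return
        for dep in graph.get(node, []):
            if dep in seen:  # guard against cycles in malformed graphs
                continue
            walk(dep, path + [dep], seen | {dep})

    walk(root, [root], frozenset({root}))
    return paths


def affected_by(graph: Dict[str, List[str]], root: str,
                versions: Dict[str, str],
                advisories: Dict[str, Set[str]]) -> Dict[str, List[List[str]]]:
    """Map each vulnerable package reachable from root to the paths that reach it.

    A package is only reported when (a) the resolved version is in the
    advisory's affected set and (b) at least one dependency path reaches it.
    """
    result: Dict[str, List[List[str]]] = {}
    for package, bad_versions in advisories.items():
        if versions.get(package) not in bad_versions:
            continue
        paths = dependency_paths(graph, root, package)
        if paths:
            result[package] = paths
    return result


def direct_dependencies_to_fix(paths: List[List[str]]) -> Set[str]:
    """The direct dependencies (second hop on each path) that carry the exposure."""
    return {path[1] for path in paths if len(path) > 1}


if __name__ == "__main__":
    hits = affected_by(DEPENDENCY_GRAPH, "my-app", RESOLVED_VERSIONS, ADVISORIES)
    for package, paths in hits.items():
        print(f"{package} {RESOLVED_VERSIONS[package]} is reachable via:")
        for path in paths:
            print("  " + " -> ".join(path))
        print("  direct dependencies to update:",
              ", ".join(sorted(direct_dependencies_to_fix(paths))))
```

Run against the constructed data, it reports that `logging-lib` is reached along two paths, both entering through `web-framework`, so that single direct dependency is where a version bump would have to happen. A real tool does the same walk over a resolved lockfile and a live advisory feed, with version-range matching rather than the exact-version sets used here.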
The development comes as security and trust in the open source software ecosystem have been increasingly called into question following a string of supply chain attacks designed to compromise developer workflows.
In December 2021, a critical flaw in the ubiquitous open source Log4j logging library left several companies scrambling to patch their systems against potential abuse.
The news also comes just two weeks after OpenSSF announced the Package Analysis Project, which performs dynamic analysis on packages uploaded to open source repositories.