Sonatype builds its software supply chain automation around the principles of better, safer, and faster delivery. Having acquired OSS Index last year, the company has now launched an automated, redesigned Open Source Software Index that gives developers information on open source dependencies and their known vulnerabilities, so that component choices can be made with that information in hand. According to the company's co-founder and CTO, Brian Fox, the release continues Sonatype's effort to give developers the basic resources they need to build products that are not exposed to already-known vulnerabilities, since the open source ecosystem is unforgiving of such oversights. The new launch promises a cleaner interface and information that is easy to understand and has been thoroughly verified.
OSS Index is also straightforward to integrate into existing tooling. Its primary programmatic interface is a REST API, and it is backed by a set of open source integrations: the Maven Enforcer plugin and OWASP Dependency Check let builds consult the database directly, making it an all-round source of information on open source vulnerabilities. Beyond these, the Index offers toolchain integration through native extensions and applications, including an Audit.js integration that audits npm projects, and it draws on Sonatype's own Central Repository (Maven Central). Alongside the platform-specific auditing tools, developers can also use DevAudit, an open source, cross-platform, multi-purpose security auditing tool.
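To show what a REST API integration of this kind looks like in a build pipeline, here is an added example in Python; it is not Sonatype's own code and not code from the page. It assumes the OSS Index v3 batch endpoint (`POST https://ossindex.sonatype.org/api/v3/component-report`, taking a JSON body of package URL coordinates and returning one report per coordinate with a `vulnerabilities` list carrying `cvssScore` and `id` fields) and a per-request limit of 128 coordinates; none of that is stated on the page and should be checked against the current API documentation. The `SAMPLE_REPORT` is constructed for illustration so the example runs offline; its package names and vulnerability ids are placeholders, not real findings.

```python
"""Gate a build on OSS Index component reports (added example, not Sonatype's code).

Assumptions not stated on the page: the v3 endpoint URL and JSON shape below,
and a batch limit of 128 coordinates per request. SAMPLE_REPORT is constructed.
"""
import base64
import json
import urllib.request

OSS_INDEX_URL = "https://ossindex.sonatype.org/api/v3/component-report"  # assumed endpoint
MAX_BATCH = 128  # assumed per-request coordinate limit

# Constructed sample response: placeholder package names and vulnerability ids.
SAMPLE_REPORT = [
    {
        "coordinates": "pkg:npm/example-lib@1.0.0",
        "vulnerabilities": [
            {"id": "SAMPLE-0001", "title": "placeholder critical", "cvssScore": 9.8},
            {"id": "SAMPLE-0002", "title": "placeholder medium", "cvssScore": 5.3},
        ],
    },
    {"coordinates": "pkg:maven/org.example/clean-lib@2.1.0", "vulnerabilities": []},
]


def to_purl(ecosystem, name, version, namespace=None):
    """Build a package URL (purl), the coordinate format OSS Index keys on."""
    if namespace:
        return f"pkg:{ecosystem}/{namespace}/{name}@{version}"
    return f"pkg:{ecosystem}/{name}@{version}"


def batches(coords, size=MAX_BATCH):
    """Split coordinates into request-sized chunks (assumed limit, see MAX_BATCH)."""
    for i in range(0, len(coords), size):
        yield coords[i:i + size]


def build_request_body(batch):
    """JSON body for one batch query (assumed v3 shape)."""
    return {"coordinates": list(batch)}


def build_headers(user=None, token=None):
    """Send HTTP Basic auth only when credentials are supplied; anonymous use is rate limited."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if user and token:
        cred = base64.b64encode(f"{user}:{token}".encode()).decode()
        headers["Authorization"] = f"Basic {cred}"
    return headers


def query_oss_index(coords, user=None, token=None, opener=urllib.request.urlopen):
    """Query the (assumed) batch endpoint and concatenate the per-batch reports.

    `opener` is injectable so the function can be exercised without network access.
    """
    reports = []
    for batch in batches(coords):
        data = json.dumps(build_request_body(batch)).encode()
        req = urllib.request.Request(OSS_INDEX_URL, data=data,
                                     headers=build_headers(user, token), method="POST")
        with opener(req) as resp:
            reports.extend(json.load(resp))
    return reports


def findings(report, threshold=7.0):
    """Flatten a component report into (coordinate, vulnerability id, cvss score)
    tuples at or above the threshold, highest score first."""
    hits = []
    for component in report:
        for vuln in component.get("vulnerabilities", []):
            score = float(vuln.get("cvssScore") or 0.0)
            if score >= threshold:
                hits.append((component["coordinates"], vuln.get("cve") or vuln["id"], score))
    return sorted(hits, key=lambda h: -h[2])


def gate(report, threshold=7.0):
    """True when no dependency carries a vulnerability at or above the threshold."""
    return not findings(report, threshold)


if __name__ == "__main__":
    # Offline run against the constructed sample; replace with query_oss_index(coords)
    # for a real dependency list such as [to_purl("npm", "example-lib", "1.0.0")].
    for coord, vuln_id, score in findings(SAMPLE_REPORT, threshold=7.0):
        print(f"FAIL {coord}: {vuln_id} (CVSS {score})")
    print("build gate:", "pass" if gate(SAMPLE_REPORT, 7.0) else "fail")
```

The threshold is the policy knob: a CVSS floor of 7.0 fails the build only on high and critical findings, while lowering it to 0.0 turns the script into a full inventory. Injecting `opener` keeps the network call out of unit tests, which is also how the sample report above is used in place of a live response.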