Interesting project at [Wayback] Open Source Insights
Open Source Insights is an experimental project by Google.
Hopefully by now it supports more than just npm/golang/maven, and by the time it sunsets, other projects will take over.
The introduction was some 9 months ago: [Wayback] Introducing the Open Source Insights Project | Google Open Source Blog
Via:
- [Archive.is] corbosman on Twitter: “At least in the JS/PHP world it’s already pretty common to add all kinds of dependency security checkers to your CI/CD pipeline. And there’s GitHub Code Scanning. But it’s interesting to visually see the often immense dependency chains.…”
- [Archive.is] annabelle on Twitter: “Finding OSS dependencies is messy, particularly when you start trying to figure out how you inherit a particular vulnerability. Today Google launched deps.dev, a way to visualize and find how you inherit dependencies, and what’s in them: …”
–jeroen