Google Launches Two Services for Safer Open Source Software Development
Earlier this week, Google launched the free API service “deps.dev” to provide software developers with comprehensive data on software package dependencies and their safety. This service supports over five million packages for different programming languages such as Go, Java, Python, JavaScript, and Rust. The aim is to reduce the software supply chain risks that exist in the open-source ecosystem.
Additionally, Google launched the public service “Assured Open Software” (Assured OSS) yesterday to provide developer teams with a safe package repository for Python and Java. This repository is supervised by Google to protect against malicious software that may infect open-source ecosystem repositories.
Both services are part of Google’s efforts to create safer software development processes. The deps.dev tool collects security metadata from several sources for five million packages with fifty million versions found in public repositories. The team is planning to add NuGet (.NET Framework) in the future. This API tool can help developers make informed decisions by providing information about a package’s available versions, software licenses, dependencies, and related files.
The Assured OSS repository is designed to help developers create a safer final product. Private and regular developers often keep copies of frequently used repositories in their own local storage to minimize the risk of using potentially compromised files. However, this approach can delay the implementation of security changes for a long time. Many studies reveal that organizations commonly use outdated and vulnerable versions of open-source components in their applications. Google’s repository aims to address this problem.
Google’s security teams stated, “Ensuring the safety of the software supply chain is a difficult task, but it is in our interests to simplify it. Every day, Google is working hard to create a safer Internet, and we are proud that we release such an API that will help make this data publicly available and useful for everyone.”
These two services will help developers create safer software development environments and make better-informed decisions, leading to better application security.