Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Choose Your Type
Choose Your Topic
Our Latest Content
Malicious Packages Special Report – Attacks Move Beyond Vulnerabilities
Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code...
Announcing the Open-Source Reliability Leaderboard: A New Resource for Preventive AppSec
Powered by data from Renovate, Mend.io’s popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.
Five Tips for Using SBOMs to Boost Supply Chain Security
Discover why SBOMs are so important for software supply chain security and how you can best use them to secure your software and applications.
Open-Source Reliability Leaderboard
Powered by data from Renovate Bot, Mend.io’s wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages - npm, Maven, and PyPi.
Open Source Risk Report Checklist
Check your open source risk with this checklist.
Top 10 Questions About the Apache License
We’ve compiled a list of the top 10 questions and answers about the Apache open source software license.
CVSS 4.0 — What’s New?
Find out why the CVSS is updating to version 4.0, what’s happening to it, and how we can get the best from it to strengthen your application security.
The Forrester Wave™: Software Composition Analysis, Q2 2023
Mend.io is described as a visionary that played an outsized role in shaping the SCA market, whose remediation-first approach has spurred innovation for better vulnerability prioritization and automated remediation.
How to Boost Confidence in Your Open Source Security with Mend Smart Merge Control
Learn how Mend Smart Merge Control strengthens your confidence in your open source security and your dependency health.
7 Best Practices for Modern AppSec Programs
Mend.io’s top team explains what they consider to be AppSec best practices, and how they maximize the ROI in an AppSec program.
Mend.io Launches AppSec Risk Assessment Program
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk
Understanding the Anatomy of a Malicious Package Attack
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them
Mend.io and AWS Webinar: Five Principles of Modern Application Security Programs
Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a...
How Supply Chain Attacks Work – And What You Can Do to Stop Them
Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools...
The Importance of Adopting Modern AppSec Practices
Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security. Mend.io CEO Rami...
The Top 10 Questions about the GPL License – Answered!
10 questions & answers about GPL - GNU’s General Public License, and one of the most popular open source licenses.
The Importance of Adopting Modern AppSec Practices
Rami Sass, Mend CEO, Jeff Martin, VP Product Management, and CMO Arabella Hallawell, discuss why organizations should adopt modern AppSec, and the challenges they face.
How Supply Chain Attacks Work – and How to Stop Them
Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...
What’s Driving the Adoption of SBOMs? What’s Next for Them?
Discover two of the key drivers behind the demand and adoption of SBOMs: technical and legislative.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
Mend.io + Jira Security: Doing DevSecOps Better Together
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
Magic Quadrant™ for Application Security Testing, 2023 Gartner® report
We’re proud to announce that Mend has been recognized as a Visionary in the 2023 Gartner Magic Quadrant for Application Security Testing.
2023 Gartner® Magic Quadrant™ for Application Security Testing
Mend.io has been recognized by Gartner as a Visionary. Mend.io has been recognized for its completeness of vision and ability to execute.
What You Should Know About Open Source License Compliance for M&A Activity
Learn why open source license compliance is essential and what you can do to ensure compliance in readiness for M&A activity
Dependency Management: A Guide and 3 Tips to Keep You Sane
Learn more about challenges, best practices, and good strategies for dependency management, and discover our three favorite tips.
What is Software Composition Analysis (SCA)?
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
What are Malicious Packages? How Do They Work?
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
AWS Guide to Modern Application Security eBook
Your guide to modern application security. Build with speed and confidence with Mend.io and AWS.
A Guide to Standard SBOM Formats
Learn how to choose an SBOM format that fits your company’s needs.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
Mend.io Collaborates with Kondukto’s New Demo Hub
What Mend.io’s collaboration with Kondukto’s new Demo Hub means when choosing your AppSec solution
Why is Cybersecurity Now a Global Governmental Concern?
What do Australia’s cybersecurity plans teach us all about the need for advanced application security?
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Optimizing AppSec by Enhancing Integration with Jira
Discover Mend.io's new enhancement to its Jira integration capabilities.
Mend.io Achieves AWS Security Competency Status
Mend.io has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Mend.io has demonstrated proven technology and deep expertise to help customers achieve cloud security goals and reinforces Mend.io’s position as a trusted member of the AWS Partner Network (APN).