Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code...
Powered by data from Renovate, Mend.io’s popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.
Discover why SBOMs are so important for software supply chain security and how you can best use them to secure your software and applications.
Powered by data from Renovate Bot, Mend.io’s wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages - npm, Maven, and PyPi.
Check your open source risk with this checklist.
We’ve compiled a list of the top 10 questions and answers about the Apache open source software license.
Find out why the CVSS is updating to version 4.0, what’s happening to it, and how we can get the best from it to strengthen your application security.
Mend.io is described as a visionary that played an outsized role in shaping the SCA market, whose remediation-first approach has spurred innovation for better vulnerability prioritization and automated remediation.
Learn how Mend Smart Merge Control strengthens your confidence in your open source security and your dependency health.
Mend.io’s top team explains what they consider to be AppSec best practices, and how they maximize the ROI in an AppSec program.
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them
Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a...
Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools...
Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security. Mend.io CEO Rami...
10 questions & answers about GPL - GNU’s General Public License, and one of the most popular open source licenses.
Rami Sass, Mend CEO, Jeff Martin, VP Product Management, and CMO Arabella Hallawell, discuss why organizations should adopt modern AppSec, and the challenges they face.
Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...
Discover two of the key drivers behind the demand and adoption of SBOMs: technical and legislative.
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
We’re proud to announce that Mend has been recognized as a Visionary in the 2023 Gartner Magic Quadrant for Application Security Testing.
Mend.io has been recognized by Gartner as a Visionary. Mend.io has been recognized for its completeness of vision and ability to execute.
Learn why open source license compliance is essential and what you can do to ensure compliance in readiness for M&A activity
Learn more about challenges, best practices, and good strategies for dependency management, and discover our three favorite tips.
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
Your guide to modern application security. Build with speed and confidence with Mend.io and AWS.
Learn how to choose an SBOM format that fits your company’s needs.
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
What Mend.io’s collaboration with Kondukto’s new Demo Hub means when choosing your AppSec solution
What do Australia’s cybersecurity plans teach us all about the need for advanced application security?
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Discover Mend.io's new enhancement to its Jira integration capabilities.
Mend.io has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Mend.io has demonstrated proven technology and deep expertise to help customers achieve cloud security goals and reinforces Mend.io’s position as a trusted member of the AWS Partner Network (APN).