Google AllStar new security application

Google has released a new tool for developers that automates the process of saving projects and verifies some to ensure that the project has not been hacked. The new security tool is called AllStar and is designed to test and determine if certain critical features have changed.

The AllStar, combined with another Google tool called , gives project maintainers reassurance that their security settings are accurate, according to Jeff Mendoza, lead engineer at Google AllStars.

If developers wish, they can also use score card to evaluate their project and then automatically provide the appropriate policies with AllStar.all star

With 18 distinct criteria, the Scorecard evaluates projects, such as whether they are automatically updated, and uses an automated vulnerability discovery method to identify defects that are easy to detect.

According to his announcement OpenSSF, Google released the tool as part of an effort to have software like AllStar that anyone can use. The software monitors a repository on GitHub and checks the project to ensure that no unwanted changes are made. The configuration settings are compared to the project security policy and if they do not match, there are "penalties".

Mendoza reports

With the popularity of open source, attackers see a compromised project as a way of infiltrating both closed and open systems. Attacks are made from the supply chain side: either by attacks at the base of the code, or by injections somewhere between the code and the way a project has been developed and used in other systems.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
AllStar, google allstar, iguru, iguru.gr

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).