SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...

ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

The ActiveState catalog grew to 40 million components in mid 2025 when it introduced coverage for Java and R in addition to Python, Perl, Ruby, and Tcl. As of January 2026, the company has expanded ...
SD Times

CAST Software creates index for Software Heritage open-source repository

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
9to5google

Google Cloud launches Cloud Source Repositories beta for developers

When Google Code, Google’s free hosting for open source projects, began shutting down in 2015, the developer community was reasonably upset. Google seems to have taken some of that criticism to heart ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Nextgov

Bypassing Procurement Can Introduce Some Unwanted Visitors

The federal IT procurement safety net may be developing some holes. Many federal developers are forgoing traditional software purchasing in favor of going directly to the source and downloading code ...
TechCrunch

Google’s Cloud Source Repositories gets better search tools

Google today announced an update to Cloud Source Repositories, its recently relaunched Git-based source code repository, that brings a significantly better search experience to the service. This new ...