Deep dive into VulnerableCode v30

VulnerableCode v30 is now publicly available! With our latest release, we’ve made many improvements to help you find FOSS vulnerabilities and improve overall FOSS security, including:

  1. New web UI plus API access
  2. Focus on software packages, leveraging Package URL (purl)
  3. Improved data collection with expanded data sources and enhanced package endpoints

In this webinar, nexB co-founder and CTO Philippe Ombredanne will present VulnerableCode v30.0.0 and demonstrate how to best use this new FOSS tool to automate the search for FOSS security vulnerabilities. Philippe will also share how VulnerableCode addresses key security concerns for using FOSS code in modern applications by collecting and parsing data from many sources, identifying packages using a standardized Package URL (purl), and making the data accessible through a REST API.

SPEAKER: Philippe Ombredanne, nexB co-founder and CTO
Philippe Ombredanne is a passionate FOSS hacker on a mission to make it easier and safer to reuse FOSS code. He is the maintainer of ScanCode, the industry-standard license detection tool, along with other open source tools for software composition analysis and license and security compliance (aboutcode.org). Philippe contributes to several other projects, including the Linux kernel SPDX-ification, the SPDX and ClearlyDefined projects, strace, and several Python tools, and previously to JBoss, Eclipse and Mozilla. Philippe is also a long-time Google Summer of Code mentor and org admin. Work-wise, he is the CTO and co-founder of nexB, helping software teams track what’s in their code with DejaCode, an open source governance and compliance dashboard.