jbom - Dependency Analysis For Java Apps

jbom, an open source project hosted by the Eclipse Foundation, generates SBOMs from any Java project. Why is that useful?

Supply chain security is all the rage right now. We've taken a look at the implications, as well as the ways of mitigation, according to the Linux Foundation's answer to supply chain attacks:

To build useful software we don't reinvent the wheel; instead we build on work already done, which comes bundled in the form of libraries. The problem is that even a mediocre open source project can have loads of such dependencies, which themselves depend on others, forming a lengthy chain. That is not a problem per se, unless malicious code or a security vulnerability finds its way into any part of this chain.


Full article on i-programmer:

https://www.i-programmer.info/news/80-java/16086-jbom-dependency-analysis-for-java-apps.html

