Introducing the New Package/Library Catalog for Node.js, PHP, Python, Ruby, & Java
Released on: January 2025
Atatus has added a Catalog feature for packages and libraries in Node.js, PHP, Python, Ruby, and Java. For each package in your application, the catalog provides:
- License: Identifies the type of license associated with the package, ensuring compliance with licensing requirements.
- Vulnerabilities: Highlights known security vulnerabilities in the package to help mitigate risks.
- Current Version: Displays the currently installed version of the package, making it easy to determine if updates are needed.
- OpenSSF Score: Indicates the security and health rating of the package, based on the standards set by OpenSSF.
The OpenSSF Score (Open Source Security Foundation Score) is a metric used to evaluate the security posture of open-source projects. It assesses various aspects of a project to ensure it adheres to best practices for open-source security and reliability.
The score typically considers:
- Code Quality: Whether the project follows secure coding practices.
- Dependency Management: How well the project handles its dependencies, including addressing vulnerabilities.
- Community Engagement: The project's responsiveness to security issues and its maintenance activity.
- Best Practices: Adoption of practices such as cryptographic signing of commits, secure CI/CD pipelines, and multi-factor authentication.
With this score available in Atatus, you can quickly gauge the trustworthiness and security maturity of the packages used in your projects and make better-informed decisions about whether to include them in your stack.
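The four catalog fields above (license, vulnerabilities, installed version, OpenSSF score) become useful when they are turned into a policy that runs over a real dependency list. The following script is an added example written for this page, not Atatus's implementation and not Atatus data: it reads a constructed npm package-lock.json, looks each installed package up in a constructed catalog (licenses, scores and placeholder advisory ids are all invented), and reports packages that fail a license allowlist, fall below a minimum OpenSSF score, or have an installed version inside an advisory's affected range. The version-range matcher handles simple `<`, `<=`, `>=`, `>` constraints, which is the general case of the "is the installed version vulnerable?" check the catalog performs for you.

```python
"""Dependency policy check over a lockfile using catalog-style data.

Everything below (lockfile, catalog entries, advisory ids, policy) is
constructed for this example; it is not Atatus data or Atatus code.
"""
import json
import re

# Constructed npm package-lock.json (lockfileVersion 3 layout), not a real project.
LOCKFILE_JSON = """
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-util": {"version": "1.4.2", "license": "MIT"},
    "node_modules/fast-parse": {"version": "2.0.9", "license": "AGPL-3.0"},
    "node_modules/tiny-log": {"version": "0.3.1", "license": "ISC"}
  }
}
"""

# Constructed catalog: license, OpenSSF score and advisories per package.
# Advisory ids are placeholders, not real identifiers.
CATALOG = {
    "left-util": {"license": "MIT", "openssf_score": 8.1,
                  "advisories": [{"id": "EXAMPLE-ADV-0001", "affected": "<1.4.0"}]},
    "fast-parse": {"license": "AGPL-3.0", "openssf_score": 6.5,
                   "advisories": [{"id": "EXAMPLE-ADV-0002", "affected": "<2.1.0"}]},
    "tiny-log": {"license": "ISC", "openssf_score": 3.2, "advisories": []},
}

# Constructed policy: which licenses are acceptable and the minimum score to ship.
POLICY = {
    "allowed_licenses": {"MIT", "ISC", "Apache-2.0", "BSD-3-Clause"},
    "min_openssf_score": 5.0,
}


def parse_version(v):
    """'1.4.2' -> (1, 4, 2). Only the first three numeric components are kept,
    so a pre-release suffix such as '-beta' does not break the comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])


_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        ">=": lambda a, b: a >= b, ">": lambda a, b: a > b}


def version_in_range(version, spec):
    """True if version satisfies every space-separated constraint in spec,
    e.g. '<1.4.0' or '>=1.0.0 <1.4.0'."""
    ver = parse_version(version)
    for constraint in spec.split():
        m = re.fullmatch(r"(<=|>=|<|>)(\S+)", constraint)
        if not m:
            raise ValueError(f"unsupported constraint: {constraint}")
        if not _OPS[m.group(1)](ver, parse_version(m.group(2))):
            return False
    return True


def installed_packages(lockfile_text):
    """Yield (name, version) for each node_modules entry in a v2/v3 lockfile."""
    data = json.loads(lockfile_text)
    for path, meta in data["packages"].items():
        if not path:
            continue  # the "" key is the root project itself
        yield path.rsplit("node_modules/", 1)[1], meta["version"]


def evaluate(lockfile_text, catalog=CATALOG, policy=POLICY):
    """Return {package: [finding, ...]} for every package violating the policy."""
    findings = {}
    for name, version in installed_packages(lockfile_text):
        entry = catalog.get(name)
        problems = []
        if entry is None:
            problems.append("not in catalog")
        else:
            if entry["license"] not in policy["allowed_licenses"]:
                problems.append(f"license {entry['license']} not allowed")
            if entry["openssf_score"] < policy["min_openssf_score"]:
                problems.append(f"openssf score {entry['openssf_score']} "
                                f"below {policy['min_openssf_score']}")
            for adv in entry["advisories"]:
                if version_in_range(version, adv["affected"]):
                    problems.append(f"{adv['id']} affects installed {version}")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for pkg, probs in evaluate(LOCKFILE_JSON).items():
        print(pkg, "->", "; ".join(probs))
```

Running it reports fast-parse twice (disallowed license and an advisory covering 2.0.9) and tiny-log once (score below the threshold), while left-util passes because 1.4.2 sits outside the affected range. The same shape of check applies to the other ecosystems the catalog covers once the lockfile reader is swapped for Composer, pip, Bundler or Maven output.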