Deps.dev

2023: API Announcement

On April 11, 2023, Google announced the release of an application programming interface (API) that allows developers to scan open source for vulnerabilities and other problems.

The solution was called deps.dev API. The emergence of this tool is part of Google's larger cybersecurity initiative launched in 2021. It is noted that developers often include open source ecosystem packages in their software products. Such modules eliminate the need for programmers to create all the functions of their applications from scratch. Open source packages, however, could potentially pose a security risk.

Google has released an API to identify vulnerabilities in open source software

To eliminate the likely risks, Google initiated the deps.dev project. It provides information on more than 5 million open source packages. Using deps.dev, the development team can check whether a particular module contains vulnerabilities. Google also provides information about other issues, such as licensing restrictions. In particular, some open source packages have licenses that limit commercial use.

Google says the new API will make it easier for developers to use the deps.dev dataset. Using the tool, programmers can create a specialized plugin that provides integration with the deps.dev platform. When loading open source packages, such a plugin will automatically scan them for vulnerabilities. In a similar way, potential licensing issues may be identified. The API also adds support for hash requests: this feature will make it easier to detect attacks on the supply chain. In general, the proposed solution will help developers improve the security of their products.^[1]

Notes