from Hacker News

Show HN: Open-Source Security Monitoring with AI and License Compliance

by daudmalik06 on 12/12/24, 5:38 PM with 1 comment

Hey Hacker News, I’m Dawood, creator of Vulert. We’ve just released Vulert 2.0, a platform designed to monitor open-source dependencies for security vulnerabilities, ensure license compliance, and recommend fixes—without requiring access to your codebase or installation.

What's New in 2.0:

License Compliance: Automatically checks if your open-source dependencies comply with legal requirements, helping you avoid costly legal issues.

Docker Container Security: New insights into risks in container images, with actionable recommendations for improving security.

AI-Enhanced Vulnerability Scanning: Vulert Code Guard (coming soon) uses AI to detect if your app is actively using vulnerable functions from open-source libraries, helping you focus on real threats.

SBOM Export & Reports: Export your app dependencies as SBOMs, and generate vulnerability reports in PDF format.

Application Manager: Configure settings, and integrate with Jira to auto-create issues when vulnerabilities are found.

Why Vulert?

Open-Source Growth, Increasing Risks: With the average organization using 1,700 open-source tools, the risk of vulnerabilities is skyrocketing.

Targeted Attacks on Open-Source: Attackers are increasingly exploiting open-source components, and traditional security tools often miss the mark.

Lack of Effective Solutions: Most existing tools are integration-heavy, require full access to your codebase, or are expensive. Vulert provides a lightweight, cost-effective solution.

Vulert’s Approach:

Privacy-First: No need to inspect your code. Just upload your open-source list (e.g., package-lock.json).

Proactive: Receive alerts for new vulnerabilities as soon as they’re reported.

Affordable: Pay only for the modules you need, starting at $10/month per application.

How It Works:

Continuous Monitoring: Stay up-to-date with security advisories across all your dependencies.

Real-Time Alerts: Get notifications about new vulnerabilities or threats in your dependencies.

Fast Response: If a critical vulnerability is detected, you’ll get an immediate alert.

Key Features:

Interactive Dashboard: See your app's security health at a glance.

CI/CD Integration: Automatically catch vulnerabilities during development.

SIEM Integration: Works with tools like Splunk for continuous monitoring.

Modules Available:

Open Source (SCA): Monitors for vulnerabilities in your open-source dependencies.

License Compliance: Checks your dependencies for license issues and legal risks.

Container Security: Analyzes container images for security issues.

SBOM Export: Generates CycloneDX-formatted SBOMs for security and compliance.

Code Guard (Coming Soon): AI-powered tool to identify vulnerable functions in your app code.

Try our Vulert Playground to test your app’s security with no sign-up required. Upload your manifest file and get a risk assessment.

Useful Links:

Vulert Demo Dashboard: https://vulert.com/demo-login?demo=true

Vulert Playground: https://vulert.com/abom

Vulert Vulnerability Database: https://vulert.com/vuln-db

Vulert Blog: https://vulert.com/blog

Join the Open-Source Security Movement: We’re looking for feedback on Vulert 2.0. Feel free to ask questions, suggest improvements, or share your thoughts on how we can help make open-source software more secure.
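The core of the workflow the post describes (upload a package-lock.json, get a CycloneDX SBOM and a list of vulnerable components) reduces to a lockfile parse plus a version-range match against an advisory feed. The following is an added illustration, not Vulert's code; the lockfile contents, advisory list and advisory identifiers are all constructed placeholders, and only unscoped npm packages are handled.

```python
"""Minimal lockfile -> CycloneDX components -> advisory match (added example)."""
import json

# Constructed package-lock.json (lockfileVersion 3 layout); not a real project.
LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/express/node_modules/debug": {"version": "2.6.9"},
    },
})

# Constructed advisory feed: (package, first affected, first fixed, id).
# The ids are placeholders, not real CVE or GHSA numbers.
ADVISORIES = [
    ("lodash", "4.0.0", "4.17.21", "ADV-PLACEHOLDER-1"),
    ("debug", "0.0.0", "2.6.9", "ADV-PLACEHOLDER-2"),  # 2.6.9 itself is fixed
]

def parse_version(v):
    """Dotted numeric version to a comparable tuple (no pre-release handling)."""
    return tuple(int(p) for p in v.split("."))

def components(lock_text):
    """Turn each installed package in the lockfile into a CycloneDX component."""
    lock = json.loads(lock_text)
    out = []
    for path, info in lock["packages"].items():
        if path == "":
            continue  # the root project itself is not a dependency
        name = path.split("node_modules/")[-1]  # last segment handles nesting
        out.append({"type": "library", "name": name, "version": info["version"],
                    "purl": f"pkg:npm/{name}@{info['version']}"})
    return out

def sbom(lock_text):
    """Wrap the components in the minimal CycloneDX JSON envelope."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "components": components(lock_text)}

def findings(lock_text, advisories=ADVISORIES):
    """Report (purl, advisory id, fixed version) for every affected component."""
    hits = []
    for c in components(lock_text):
        v = parse_version(c["version"])
        for pkg, lo, fix, adv in advisories:
            if c["name"] == pkg and parse_version(lo) <= v < parse_version(fix):
                hits.append((c["purl"], adv, fix))
    return hits
```

The half-open range check (`lo <= v < fix`) is what keeps the already-patched debug 2.6.9 out of the findings while flagging lodash 4.17.20.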

  • by popey on 12/13/24, 12:42 PM

    The vulnerability database search didn't find CVE-2024-9990 - a valid CVE according to NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9990

    I submitted a package-lock.json file to the playground and got a vulnerability report after processing. The sort order next to the pie chart is weird. Medium / High / Critical / Low. I'd expect Critical / High / Medium / Low?

    The vuln report ended up in my email spam folder.

    I had to hit 'resend' multiple times to receive the verification email. Once I did, I had to either create a new account or login. I don't yet have a password. When I tried to create an account, it said my email was already taken. This onboarding flow seems quite janky.

    Is Vulert Open Source software? I couldn't find any links or repos. What does "Join the Open-Source Security Movement" mean in this context?