#SBOM
erpinformation · 16 days ago
windmillcode · 2 months ago
LibTracker Updates 12/16/24: Simplifying Dependency Management for Developers
Managing dependencies is one of the most critical aspects of modern software development. With LibTracker, our VSCode extension, we’re empowering developers to maintain up-to-date, secure, and compliant applications effortlessly.
View your app's dependencies at a glance, identify outdated versions, fix security vulnerabilities, and address problematic licensing—all in one streamlined tool.
Access LibTracker here: [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker)
New Features:
- Dependency Insights: Now see the latest available version and the recommended stable version for each dependency. The stable version aligns with your package manager's suggestions, helping you make safe updates without risking app stability.
- Enhanced Usability: Added action icons with tooltips for a more intuitive experience.
- Unused Code Detection: Identify unused packages and imports with ease.
- Edge Case Handling: Improved handling for non-registry packages, ensuring you receive as much information as possible.
Upcoming Enhancements:
- Progress Indicators: Visualize progress for checks like outdated versions, unused dependencies, and pre-fetch operations.
- Collapsible Action Icons: Streamline the interface by collapsing less frequently used tools.
- Advanced Filters: Add glob or regex-based ignore patterns for app subpath searches.
- Git-Based Backups: Explore using Git instead of the filesystem for enhanced backup reliability.
- App Detail Page Improvements:
  - Display CVE information.
  - Advanced search functionality.
  - Responsive design with card-based layouts for better readability.
Future Goals:
- SBOM Generation: Automatically create a comprehensive Software Bill of Materials for your projects.
- License and CVE Summaries: Summarize key insights using URLs or AI-generated categories.
- Subdependency Insights: Enable direct navigation to subdependencies within the license pane.
At Windmillcode, we are committed to helping developers build secure, efficient, and scalable applications. Stay tuned for continuous updates, and let us know how we can further improve LibTracker to meet your needs.
jpmellojr · 4 months ago
OWASP's Dependency-Track tool update: Key changes — and limitations
OWASP has released a new version of its dependency tracking tool, but the update is not the final word on managing software risk. https://www.reversinglabs.com/blog/owasp-dependency-track-update-key-changes-and-limitations-on-software-risk-management
yanashin-blog · 2 years ago
The White House released the first version of the implementation plan for its National Cybersecurity Strategy on July 13, including more than 65 initiatives aimed at mitigating cyber risk and bolstering investment into cybersecurity.
👉 National Cybersecurity Strategy Implementation Plan
The plan includes sample initiatives for the five pillars of the National Cybersecurity Strategy:
Defending critical infrastructure: The Cybersecurity and Infrastructure Security Agency (CISA) will lead the update of the National Cyber Incident Response Plan, which includes guidance on roles and on coordination between the government and the private sector.
Disrupting and dismantling threat actors: CISA and the FBI co-chair the Joint Ransomware Task Force to combat ransomware and other cybercrime. The FBI, in collaboration with international and private sector partners, aims to disrupt the ransomware ecosystem, including virtual asset providers that enable the laundering of ransomware proceeds and web forums offering initial access credentials.
Shaping market forces to drive security and resilience: To increase software transparency and accountability, CISA continues to lead the drive to close gaps in software bill of materials (SBOM) scale and implementation.
Investing in a resilient future: The National Institute of Standards and Technology (NIST) will lead the Interagency International Cybersecurity Standardization Working Group to drive key security standardization, including the post-quantum cryptography standard.
Forging international partnerships to pursue shared goals: The Department of State is set to publish an International Cyberspace and Digital Policy Strategy and work to help establish and strengthen country and regional interagency teams to facilitate coordination with partner nations.
Software supply chain is a new focus
The third pillar of the Implementation Plan focuses on securing the software supply chain, focused on software design resilience. VMware’s principal cybersecurity strategist Rick McElroy lauded this plan; he said securing cloud software — software as a service — needs special focus.
“The current NCSIP shows this administration’s commitment to cybersecurity, building on executive orders and funds dedicated to transforming and modernizing the federal government’s cybersecurity posture, which is long overdue,” McElroy said. “One consideration for this, however, is a Software Bill of Materials for Cloud software. What is a Cloud SBOM? What does that look like? Conversely, how can SBOMs be applied to practical cybersecurity defense to take advantage of that data to cut down noise?”
He added that the current working group being led by the Cybersecurity and Infrastructure Security Administration is working to address this. “But there remains a gap in SBOM discussions. SaaSBOM is a must in a cloud-first world,” McElroy emphasized.
sfdavey · 2 years ago
SBOM-a-Rama 2023 Round-up
Last week the Cybersecurity & Infrastructure Security Agency (CISA) hosted SBOM-a-Rama 2023 (great event name!) in Los Angeles - a meeting about the current state of Software Bill of Materials (SBOM).
Several articles about the event shared takeaways and quotes from presenters and attendees:
• TechTarget's article SBOM standards efforts stymied by confusion summarized the topics presented at the event and highlighted the challenges faced in adopting SBOMs including some quotes from those in the field.
• Interlynk shared a summary on their blog, SBOM-a-RAMA ’23: Key Updates.
• ReversingLabs published CISA SBOM-a-rama tackles challenges: 5 key takeaways.
Edit (August 1, 2023): Video from the 2023 SBOM-a-Rama event is now online. Slides are also available from the previous SBOM-a-Rama event held in December 2021.
opsmxspinnaker · 2 years ago
Explore the importance of deployment security and the potential risks involved. Learn how OpsMx can help you strengthen your deployment security practices and protect your applications from threats.
otiskeene · 1 year ago
EngFlow And tipi.build Reveal CMake Remote Build Execution Solution For C And C++ Community
A ground-breaking CMake Remote Build Execution (CMake RE) service in beta has been introduced by EngFlow and tipi.build in collaboration. With financial support from Andreessen Horowitz, firstminute capital, and Tiger Global, this service uses automatic caching and cloud-based distributed build execution to substantially reduce C and C++ build times to only minutes while boosting software security.
Development of C and C++ has advanced significantly with the introduction of CMake RE, powered by EngFlow and tipi.build. This Beta release aims to redefine program development, guaranteeing both speed and security, by utilizing autonomous caching and cloud-based distributed execution.
At a special session during CPPCon in Aurora, Colorado, engineers from both businesses will share in-depth insights into this new product and its capabilities.
Read More - https://bit.ly/3rIWD7B
lamyaasfaraini · 1 year ago
Back to school~
School again.. HBD Bu Syifa!
Finally back to school after about two weeks of holiday. Bismillah, Monday went calmly and on schedule at 7:30, wearing the Wara Wanita Udara outfit and then the flag ceremony. Dropped off by his dad; I asked him to take a photo of Nemo, originally meant to post it yesterday, but it never got sent through until the afternoon, by which point I had even forgotten to chase it up, hmm.
The parents' group was busy scheduling the arisan, and word was that Bu Syifa's birthday was on Monday; oh no, what to do, we hadn't bought a present yet, etc. After discussing it with the others we agreed to buy a present and a cake. The moms were a bit slow to respond; a few helped think it through, but the only ones who took action were me and Mica's mom, so in the end we decided to go to PVJ, to Sogo again, to buy a bag like the present for Bu Dina the other day. Alhamdulillah, we got a simple and cute bag despite the tight timing; we started looking at around 10. After that we just bought cupcakes at Pompidou, where you can customize the topper with the message, with only a 5-minute wait. OK, all done; we arrived 10 minutes before the school dismissal bell, and 3 other moms were already there, so the surprise was just the 5 of us. We went straight into action, haha, chaos with the kids wanting to poke at the cake, but they all sang "happy birthday" together for Bu Syifa. Yaaay, alhamdulillah, done and it worked..
Once again, happy birthday Bu Syifa, our children's beloved teacher.. Hope you like the present, Bu!
ericvanderburg · 1 month ago
On SBOMs, BitBucket, and OWASP Dependency Track
http://securitytc.com/THCxyR
appleplanet-pl · 1 month ago
Rust Will Gain Huge Popularity, SBOMs Will Disappoint: Predictions for Open Source Software
Rust: A Revolution in the Programming World and Predictions for 2024/2025. The past year proved to be full of dynamism and innovation for the open-source world. From advanced development tools to heated discussions about standards and licenses, this sector is continuously evolving at a rapid pace. As the new year 2025 approaches, it is worth looking back at the year that is ending and reflecting on…
billtj · 2 months ago
Rust Will Explode, SBOMs Will Be Duds: Open Source Predictions - The New Stack
windmillcode · 2 months ago
LibTracker Updates 12/2/24: Get to personally know your apps with this simple SBOM Tool
* Greetings everyone, working on my LibTracker VSCode Extension. Get to personally know your apps with this simple SBOM Tool. View at a glance and fix outdated versions, security vulnerabilities and problematic licensing.
* You can access here https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker.
# New Features
- Smart Expand/Collapse: Expand/Collapse all items in a category when opened.
- get license info about every version of every package of the app along with its subdependencies
- toggle select all apps in project detail page
# Next Goals
- recursion exclusion list
- (maybe) workspace folder
  - (depends on capability of vscode api to access vscode profiles)
- git backup changes
- app detail page
  - cve info
  - search (root row is possible but useless search every nested child row)
  - responsiveness: can Tabulator on the app detail page turn into a series of cards
- Generate SBOM
- URL or AI summary of categories and names for licenses and CVEs
- (if possible) click on subdependency in license pane will take you to its location in table
jpmellojr · 5 months ago
SBOMs and your org: Go beyond checkbox security to manage risk
It's a losing proposition to generate SBOMs just to land a federal contract or meet an industry requirement, without analyzing and acting on its data to improve software security. https://tinyurl.com/yncw4688
yanashin-blog · 2 years ago
A software bill of materials (SBOM) is a list of components included in software. Software vendors often combine open source and commercial software components to create a product; the SBOM describes the components within the product.
This list, maintained on GitHub, is a compilation of various information about SBOM.
What an awesome list!
seositetool · 2 months ago
Cybeats Technologies Provides Update
Toronto, Ontario–(Newsfile Corp. – December 18, 2024) – Cybeats Technologies Corp. (CSE: CYBT) (OTCQB: CYBCF) (“Cybeats” or the “Company”), a leading provider of software supply chain security solutions, today announced significant advancements in commercial growth and corporate initiatives, solidifying its leadership role in the growing SBOM (“Software Bill…
cybermentor · 2 months ago
What Is an SBOM? What You Need to Know | #ciberseguridad #seguridadinformatica #seguridadonline