Too Long; Didn't Read
As attacks on the open-source ecosystem continue to grow in various forms, the need to step up security efforts for developers has become paramount. Maven Central, the largest Java ecosystem, has introduced a built-in vulnerability scanner, called Sonatype Lift, for publishers and maintainers of software at no cost for life. The report says a typical application contains 38 known OSS vulnerabilities on average, and thousands of packages are published daily to the leading open source software repositories. For OSSRH, introducing automatic checks before the distribution stage can help spread awareness among software publishers.