murphysec v3.1.6 releases: open source tool focused on software supply chain security
murphysec
MurphySec CLI detects vulnerable dependencies from the command line and can also be integrated into your CI/CD pipeline.
Features
- Analyze dependencies being used by your project, including direct and indirect dependencies
- Detect known vulnerabilities in project dependencies
Supported languages
Currently supports Java, JavaScript, and Golang. Other development languages will be gradually supported in the future.
How it works
- MurphySec CLI obtains the dependency information of your project mainly by building the project or parsing the package manifest files.
- The dependency information of the project will be uploaded to the server, and the dependencies with security issues in the project will be identified through the vulnerability knowledge base maintained by MurphySec.
Note: MurphySec CLI only sends the dependencies and basic information of your project to the server in order to identify dependencies with security issues, and does not upload any code snippets.
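To make the manifest-parsing step above concrete, here is an added example (not MurphySec's own code or upload format) that extracts direct and indirect dependencies from a go.mod and yields only names and versions. The Dep type, the ParseGoMod function and the sample manifest are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Dep is metadata only (hypothetical shape, not MurphySec's upload format).
type Dep struct {
	Name, Version string
	Indirect      bool
}

// sampleGoMod is a constructed manifest used as inline sample input.
const sampleGoMod = `module example.com/demo
require github.com/example/liba v1.2.3
require (
	github.com/example/libb v0.4.0
	github.com/example/libc v2.0.1+incompatible // indirect
)
exclude (
	github.com/example/libd v0.0.9
)
`

// ParseGoMod returns the require entries of a go.mod (single-line and block
// form), skips exclude/replace blocks, and flags "// indirect" entries.
func ParseGoMod(src string) (deps []Dep) {
	inRequire := false
	for _, raw := range strings.Split(src, "\n") {
		code, comment, _ := strings.Cut(strings.TrimSpace(raw), "//")
		f := strings.Fields(code)
		indirect := strings.Contains(comment, "indirect")
		switch {
		case len(f) == 2 && f[1] == "(": // block opener, e.g. "require ("
			inRequire = f[0] == "require"
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require":
			deps = append(deps, Dep{f[1], f[2], indirect})
		case inRequire && len(f) == 2:
			deps = append(deps, Dep{f[0], f[1], indirect})
		}
	}
	return deps
}

func main() {
	fmt.Printf("%+v\n", ParseGoMod(sampleGoMod)) // no source code in the result
}
```

The excluded module in the sample is deliberately absent from the result, since an exclude entry is not a dependency of the build.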
Working Scenarios
- To detect security issues in your code locally
- To detect security issues in CI/CD pipeline
Learn how to integrate MurphySec CLI in Jenkins
Changelog v3.1.6
- fix(collect-info): fix NPE when repo is not exists
Install & Use
Copyright (C) 2022 murphysecurity