Tag
Charlie Marsh announces uv audit, a native vulnerability scanning feature for project dependencies in the uv package manager.
AI can now complete OWASP security audits in 30 seconds instead of three days, using a single prompt to identify vulnerabilities like SQL injection, XSS, and broken authentication.
The article discusses the rise of LLM-powered automated vulnerability scanning of open source code, which has led to a sharp increase in security reports, and labels this trend the 'strip mining era of open source security'. It highlights the shift in both the volume and the quality of reports observed by Metabase and others starting in early 2026.
Daniel Stenberg reports that Anthropic's Mythos AI model identified a vulnerability in curl, highlighting the growing role of advanced AI in security auditing while noting initial access hurdles via the Linux Foundation.
A practical guide to securing Python supply chains through layered defenses including linting with Ruff, dependency pinning with hashes, vulnerability scanning with pip-audit, SBOM generation, and Trusted Publishing with OIDC attestations.
Trivy is a comprehensive, open-source security scanner by Aqua Security that detects vulnerabilities, misconfigurations, secrets, and license issues across containers, filesystems, git repos, and Kubernetes.