Another option is to use a Dependency Firewall, such as Bytesafe, which allows you to quarantine unwanted open source packages with vulnerabilities or non-compliant licenses. The platform provides a policy engine where you define the open source usage and security rules and the Dependency Firewall does the enforcement. - Source: dev.to / about 2 years ago
There are a few companies in this space that are trying to do the "Security Seal of Approval" thing to various degrees. Tidelift is one company that has a bunch of "catalogs"[0] of packages. I'm not sure how their package metadata is generated though -- maybe semi-manually? There is also Bytesafe[1] which is supposed to help give you a way to "firewall" yourself from unapproved dependencies. I don't think they... - Source: Hacker News / over 2 years ago
I was trying bytesafe.dev recently and it was good for me, as it would stop the npm install of any package that had a security issue. But now that I am out of the free trial, it is too limited for me without paying for an upgraded plan. And their support never replies to my requests. Source: almost 3 years ago
These steps will let you get your own private repository using Bytesafe: - Source: dev.to / about 3 years ago
When using private repositories from Bytesafe, public dependencies will be proxied, pulling any required (and allowed) version into your private Maven repository. Using public repositories like Maven Central as an upstream makes sure you can access your organization's required open source dependencies - while maintaining security and control. - Source: dev.to / about 3 years ago
Good news! Easily achievable with the Dependency Firewall in Bytesafe private registries. Here's how. - Source: dev.to / over 3 years ago
To help out, we’ve compiled a shortlist of security steps to take your organization from basic protection to the maximum protection of the full Bytesafe Dependency Firewall. - Source: dev.to / over 3 years ago
Thanks for the insightful comment! Our main platform https://bytesafe.dev aligns with this. We know the energy associated with adding products to your stack and learning new patterns/tools, so we’re aiming to make Bytesafe complement the tools that you are already using. Source: over 3 years ago
(For clarity: I'm also working with https://bytesafe.dev/). Source: over 3 years ago
Bytesafe allows you to combine your team’s need for package management of JavaScript open source packages with security. Using Bytesafe, developers can access public open source dependencies or private proprietary components for your applications, securely. Mitigating risks for your business. - Source: dev.to / over 3 years ago
This is an informative page about Bytesafe. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouraged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.