Google’s API Detects Open-Source Dependencies in Software Supply Chain

Software Supply Chain: Googles ermittelt Open-Source-Dependencies

Google has launched an API for its Open Source Insights project, dubbed, aimed at helping to secure software supply chains. The API allows users to query the metadata and is intended to be integrated into development tools and workflows. Google wants to help users recognise dependencies and transitive dependencies that could pose a risk, with metadata for Maven, npm, PyPI, Go Modules and the Rust package manager Cargo, with NuGet for .NET packages to be added soon. Currently, can offer hash queries, which can help users determine the package they have if metadata is missing or incomplete.

Leave a Reply