VentureBeat

Google has quietly launched a GitHub competitor, Cloud Source Repositories

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Google hasn’t announced it yet, but the company earlier this year started ...
9to5google

Google Cloud launches Cloud Source Repositories beta for developers

When Google Code, Google’s free hosting for open source projects, began shutting down in 2015, the developer community was reasonably upset. Google seems to have taken some of that criticism to heart ...
TechCrunch

Google’s Cloud Source Repositories gets better search tools

Google today announced an update to Cloud Source Repositories, its recently relaunched Git-based source code repository, that brings a significantly better search experience to the service. This new ...
SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...
InfoQ

Vercel Releases React Best Practices Skill with 40+ Performance Rules for AI Agents

Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...
SiliconANGLE

Security researcher breaches Apple, Microsoft and others by exploiting open-source repositories

A security researcher has uncovered a security vulnerability that allowed him to run code on internal systems belonging to major companies, including Apple Inc., Microsoft Corp., Netflix Inc., PayPal ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
CSOonline

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Attackers can take advantage of this ...
Computerworld

Should open-source repositories block nations under U.S. sanctions?

Arabcrunch has accused major open-source repository SourceForge of blocking all access to software projects it hosts for anyone in Syria, Sudan, Iran, North Korea and Cuba. Not surprisingly, this ...
Nextgov

Bypassing Procurement Can Introduce Some Unwanted Visitors

The federal IT procurement safety net may be developing some holes. Many federal developers are forgoing traditional software purchasing in favor of going directly to the source and downloading code ...
Bleeping Computer

Open-source repositories flooded by 144,000 phishing packages

Unknown threat actors have uploaded a massive 144,294 phishing-related packages on open-source package repositories, inluding NPM, PyPi, and NuGet. The large-scale attack resulted from automation, as ...