IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google unveils new Assured Open Source Software service

New offering aims to protect enterprise customers using the same end-to-end security capabilities that Google uses for its own OSS portfolio

Google has announced its new Assured Open Source Software service as part of the tech giant’s drive to help organizations strengthen their OSS supply chain.

Expected to enter Preview in Q3, the Google Cloud product has been designed to enable enterprises and public sector users of open-source software to easily incorporate the same OSS packages that Google uses in its developer workflows.

Related Resource

What is contextual analytics?

Creating more customer value in HR software applications

Whitepaper cover with data dashboard imageFree Download

“Assured OSS lets organizations benefit from Google’s extensive security experience and can reduce their need to develop, maintain, and operate complex processes to secure their open source dependencies,” Google said in a blog post.

The offering forms part of Google’s efforts to help make the open-source software ecosystem more secure. Packages curated by the Assured OSS service will be regularly scanned, analyzed, and fuzz-tested for vulnerabilities, while corresponding enriched metadata will incorporate Container/Artifact Analysis data.

They will also be built with Cloud Build, including evidence of verifiable SLSA-compliance, verifiably signed by Google, and distributed from a secure and protected Artefact Registry.

Ultimately, Google said it is aiming to centralize control and actively secure each stage of the software supply chain for an open-source dependency.

“Assured OSS allows enterprise customers to directly benefit from the in-depth, end-to-end security capabilities and practices we apply to our own OSS portfolio by providing access to the same OSS packages that Google depends on,” the company added.

“Users will also be able to submit packages from their own OSS portfolio to be secured and managed through the Google Cloud managed service.”

Additionally, Google Cloud has announced a new collaborative effort with cybersecurity firm Snyk to further help developers understand their open source dependencies, as well as use Assured OSS to reduce their risk.

Assured OSS will be natively integrated into Snyk solutions for joint customers to use wherever they are developing code, Google said, while Snyk vulnerabilities, triggering actions, and remediation recommendations will be available within Google Cloud security and software development life cycle tools.

“The collaboration can help developers reduce the possibility of deploying open-source software with critical vulnerabilities, more quickly identify associated impact of vulnerabilities, better eliminate new threat exposures, and increase automation of their remediation activities,” Google explained.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

HPE unveils new partner programme to boost XaaS practices
channel

HPE unveils new partner programme to boost XaaS practices

28 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
HPE wins contract to provide The Home Depot with Aruba edge services
Network & Internet

HPE wins contract to provide The Home Depot with Aruba edge services

28 Jun 2022
Virgin Media O2 Business overhauls its approach to partner development
channel

Virgin Media O2 Business overhauls its approach to partner development

24 Jun 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022