Securing Open Source Components in Software Development
Strategies to manage and mitigate risks associated with using open source libraries and frameworks.
Rule Content
{
"title": "Securing Open Source Components in Software Development",
"description": "Strategies to manage and mitigate risks associated with using open source libraries and frameworks.",
"category": "Security",
"category_context": "Flags unsafe code, secrets, and insecure configurations.",
"rules": [
{
"id": "oss-001",
"description": "Source all open source components from an approved registry and verify their integrity with checksums, lockfile integrity hashes, or publisher signatures before they are built or deployed. The pattern uses the placeholder trusted-repo.com; substitute your organization's registry allow-list.",
"severity": "High",
"pattern": "import .* from ['\"](?!trusted-repo\\.com).*['\"]",
"message": "Import specifier does not point at the approved registry. An import statement alone cannot prove provenance: pin the dependency in a lockfile with an integrity hash, install with an integrity-checked lockfile install so the fetched artifact is verified, and keep the registry allow-list in this pattern in sync with your organization's policy."
},
{
"id": "oss-002",
"description": "Keep open source dependencies on their latest supported, patched versions. This pattern matches every import statement, so the actual version check must come from the dependency manifest, lockfile, or an SCA scan.",
"severity": "Medium",
"pattern": "import .* from ['\"].*['\"]",
"message": "This rule flags every import statement and cannot tell whether the component is current. Compare the pinned version in the dependency manifest or lockfile against the upstream release and advisory feed, and use automated dependency-update tooling so patched releases are not missed."
},
{
"id": "oss-003",
"description": "Avoid using open source components with known vulnerabilities.",
"severity": "Critical",
"pattern": "import .* from ['\"].*['\"]",
"message": "This rule flags every import statement and cannot determine on its own whether the component has known vulnerabilities. Check the pinned version against a vulnerability database or SCA scan; if an advisory applies, update to a patched version or replace the component, and do not ship with an unfixed Critical finding."
},
{
"id": "oss-004",
"description": "Ensure open source components comply with licensing requirements compatible with the project's license.",
"severity": "High",
"pattern": "import .* from ['\"].*['\"]",
"message": "This rule flags every import statement and does not read license metadata. Confirm the component's declared license (from its package metadata or the SBOM) is compatible with your project's license before distribution; copyleft terms in particular can impose obligations on the project that includes them."
},
{
"id": "oss-005",
"description": "Implement a Software Bill of Materials (SBOM) to track all open source components and their dependencies.",
"severity": "Medium",
"pattern": "import .* from ['\"].*['\"]",
"message": "This rule flags every import statement as a reminder; it does not generate or verify an SBOM. Generate an SBOM (for example in CycloneDX or SPDX format) from the build, including transitive dependencies, and keep it with each release so vulnerability and license checks can be run against the exact components shipped."
},
{
"id": "oss-006",
"description": "Remove or replace unmaintained or obsolete open source components.",
"severity": "High",
"pattern": "import .* from ['\"].*['\"]",
"message": "This rule flags every import statement and cannot determine maintenance status. Check the component's release cadence, open security issues and deprecation notices; if it is unmaintained or deprecated, replace it with a maintained alternative or plan to fork and maintain it, because security fixes will not arrive from upstream."
},
{
"id": "oss-007",
"description": "Validate and sanitize all inputs to prevent injection attacks.",
"severity": "Critical",
"pattern": ".*input\\(.*\\).*",
"message": "Unvalidated input can lead to injection and other vulnerabilities. Validate against an allow-list of expected values where possible, and neutralize at the point of use (parameterized queries, argument arrays instead of shell strings, context-appropriate output encoding). Note this pattern only matches calls named input(...); input arriving through HTTP parameters, files, environment variables or other sources is not detected."
},
{
"id": "oss-008",
"description": "Avoid hardcoding secrets such as passwords or API keys in the codebase.",
"severity": "Critical",
"pattern": ".*(password|api_key|secret).*=['\"].*['\"]",
"message": "Hardcoding secrets in the codebase is insecure. Load them from a secrets manager or environment variables, and treat any secret found here as compromised: rotate it, because it is already in version control history. This pattern is a heuristic (it matches only the words password, api_key and secret, requires the quote directly after the equals sign, and may be case-sensitive depending on the regex engine), so complement it with a dedicated secret scanner."
},
{
"id": "oss-009",
"description": "Use secure protocols (e.g., HTTPS) for all communications involving open source components.",
"severity": "High",
"pattern": ".*http://.*",
"message": "A plain http:// URL was found. Use HTTPS for anything fetched at build or run time (package registries, download scripts, update and telemetry endpoints), and do not disable certificate verification to make it work. This pattern also matches strings that are never dereferenced, such as XML namespace identifiers and localhost test URLs, so confirm the URL is actually requested before treating it as a finding."
},
{
"id": "oss-010",
"description": "Advisory rule: restrict who can publish to, mirror, or modify open source components in internal registries and dependency manifests. Its pattern matches every line, so it is a process reminder rather than a code detection.",
"severity": "High",
"pattern": ".*",
"message": "This is an advisory reminder that fires on every line, not a detected issue. Enforce access controls outside the source: least-privilege publish rights and MFA on package registries, protected branches with review required for dependency manifest and lockfile changes, and scoped, short-lived credentials for CI jobs that fetch dependencies."
}
]
}