…
I am Kirya, an avid game developer. I was born and raised in a city that blends the ultra-modern with the deeply traditional, in the vibrant heart of Tokyo.
The dichotomy of ancient shrines standing serenely amidst soaring skyscrapers fascinated me from an early age. It was this contrast that not only defined the landscape of my hometown, but also helped shape my personality and my values.
Tool/Project | Description | Focus and Features | Future Plans |
---|---|---|---|
Node Security Project (NSP) | Security for Node.js modules | Scans npm dependencies, integrates with GitHub for continuous security monitoring | Enhance dependency security as part of the SDLC |
RetireJS | JavaScript-specific dependency checker | Open-source, easy to use, multiple integration options | Encourage open-source framework authors to report security fixes |
OSSIndex | Supports multiple technologies | Provides a free vulnerability API, covers JavaScript, .NET/C#, Java | Automate importing vulnerabilities from key sources |
Dependency-Check | Open-source tool by OWASP | Supports multiple programming languages, retrieves data from NIST NVD | Maintain and update support for multiple languages |
Snyk | Commercial service for JavaScript npm dependencies | Detects and fixes vulnerabilities, integrates tightly with GitHub | Build runtime tools for better visibility and control in production systems |
Gemnasium | Commercial tool with unique features | Auto-update feature, supports multiple languages, integrates with Slack | Launch an enterprise version, support more languages starting with Java |
Honorable Mentions | BlackDuck, Sonatype's Nexus, Protecode, SecurifyGraphs | Provide end-to-end solutions for third-party component management | No specific future plans mentioned |