We’ve added a new type of registries to Bytesafe. Firewall registries let you centralize security for your organization.
This feature allows you to centrally manage a set of security policies, including quarantine, and will automatically impact all downstream registries.
Read moreThis release expands the Software Composition Analysis capabilities of Bytesafe with Source repository scanning.
Source repositories allow users to link their Git repositories to Bytesafe for continuous dependency analysis. Get insight into your dependencies and export SBOMs for individual components or whole repositories.
Read moreThis release adds support for the .NET ecosystem and NuGet packages. Make sure every developer and application has access to secure dependencies with Bytesafe private NuGet registries.
With Bytesafe fully managed NuGet registries users can continue using their regular tools like Visual Studio and the nuget CLI to access public dependencies by proxying nuget.org (or other external feeds). The Bytesafe Dependency Firewall makes sure all NuGet dependencies are secure and comply with your business requirements.
Read moreWe have now added support for Maven repositories so that you can apply the same supply chain security to your Java, Kotlin or Scala applications using build tools like Maven and Gradle.
Make sure all your application dependencies from Maven central, or other public repositories, are secure and comply with your business requirements.
Our goal has always been to make the JavaScript ecosystem a safer place. Now we’re proud to announce that we are broadening our mission with support for more ecosystems.
Using Bytesafe adds significant security to an organizations supply chain - while at the same time being transparent and easy to use
for developers that can continue to use the tools they are used to, such as mvn and gradle.
The Delay Upstream policy prevents newly published packages from being added to a Bytesafe registry until a set delay (in days) has passed. Until then such a new version will not be allowed from external upstream like npmjs or maven central.
It’s common to automatically pull the latest versions of packages from public upstreams, regardless of version maturity, especially in automated environments like CI/CD pipelines. But with popular packages often being targets for attacks, there is every reason to be cautious and only allow new packages after a set safety period.
Read moreThe features included in our premium plans has been extended with unlimited read-only users. Read-only users gives free access to key metrics, security and license issues for other stakeholders within your organization - without worrying about cost.
Send an invite directly or have users request invites on their own from any Bytesafe link.
Read moreWith this release License Compliance in Bytesafe has been reworked and greatly improved, offering fine-grained control over allowed open source licenses for your dependencies.
In fast changing environments, continuous compliance is the only way to make sure you don’t depend on packages with non-compliant licenses. Create license policies to match your unique needs, preventing or allowing open source licenses at every action - according to your list of license rules. Stay in control with in-depth license scanning and prevent use of packages with in-compatible licenses altogether with package quarantine.
Read moreThe existing Bytesafe GitHub integration has been extended to support linking of Bytesafe Issues to GitHub issues and pull requests.
You can link issues on mentions from both Bytesafe and GitHub Issues:
Big release that adds Issue tracking and automatic Quarantine of packages surpassing defined threshold levels.
Bytesafe automatically identifies and creates issues with a unique identifier. This improves traceability and visibility of where your attention is required. This is crucial to maintain your registries to understand, evaluate risks and identify remediation actions. Issues in Bytesafe help you get a holistic overview of what issues exist in your registries and which potentially can result negative impact for your applications and business.
Additionally, packages can automatically be quarantined based on your defined rules, protecting applications from exposure from potentially threatening events. Quarantine helps you protect your teams from using bad packages that contain known vulnerabilities, don’t comply with your license compliance or packages that have been deprecated.
Read moreThis release adds email and in-app notifications features for the Bytesafe Workspace.
Notifications help users to stay up to date on the latest updates in a workspace such as changes to the users, subscriptions or the account. Users can also be notified of any open issues in Bytesafe.
Read morePrevent internal packages from being fetched from external upstreams by mistake. Packages flagged as internal will automatically be protected from dependency confusion.
The open source licenses information available for packages in Bytesafe has been extended, with:
package.json metadataBig release that adds Dashboards in Bytesafe. All security issues, license issues and other relevant metrics from your registries in one place.
Bytesafe has also been completely redesigned to greatly improve the user experience across all devices.
Read moreThe package license information available for packages stored in Bytesafe registries has been extended with package license analysis.
In addition to the licenses defined in package.json, Bytesafe will now scan packages and identify licenses information in other package files as well.
Two new policies have been added to Bytesafe: Block and Allow-only. Both policies are used to enforce control over what packages or package versions are allowed in a registry.
The Block policy prevents specific packages from being added to a registry. Just the opposite, the Allow-only policy is used to only allow specific packages in a registry.
Read moreThe License scanner plugin scans all packages in a registry and flags potential license issues.
Issues flagged by the scanner are displayed in Bytesafe and notifications will be sent to the configured Slack channels.
Read moreBytesafe now offers support for integration with Git repositories as upstreams to your registries.
This feature allows users to connect private and public Git repositories to Bytesafe as package sources. For the developer this means that node modules can be installed regardless if they are sourced from your private registry, an external npm registry or Git repository.
Bytesafe plugins and policies can also be applied on modules sourced from Git repositories.
Read moreBytesafe now supports read-only tokens. For example, these can be used in CI/CD pipelines where you only require read access or similar use cases.
Read moreThe Teams plan enables teams management, basic access control, Slack integration and full access to all our plugins and policies.
Read moreThe release brings Security Scanning features to Bytesafe registries, by adding a Vulnerability Scanner plugin and three security related policies.
We are also releasing a Slack integration which allows you to be notified when new vulnerabilities are found in your workspace.
Read moreTwo main features of the release related to release management: Promote functionality for package versions as well as Version auto increment plugin has been added.
Promote package, lets you select a existing package version and promote it to a new version (and possible new target registry), removing the need to re-publish from your project and running the risk of including unplanned changes.
Read moreThe npm deprecate command is now supported with Bytesafe registries.
Additionally, deprecate information linked to the package version is now available as output when using npm install and bytesafe push / pull.
Information regarding deprecated package versions is also available in the Bytesafe web application.
Read moreMain feature added by the release is a Bytesafe CLI for the Windows OS. Bytesafe CLI is available for download from the CLI page of the Bytesafe documentation.
Release notes:
npm whoami, ping, audit, logout, token commandsyarn commandsWe are happy to introduce Policies & Plugins for Bytesafe registries:
The main feature of the initial release is to provide private registry functionality, including: