Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), and external advisories to measure package health, detect risks, and generate reports for individual dependencies or entire projects. “We wanted a practical way to catch and block risky changes before they reached the main branch,” Max Feldman, Head of Application Security at AppOmni, told Help Net Security. “The turning … More

The post Heisenberg: Open-source software supply chain health check tool appeared first on Help Net Security.