Google announced the formation of a new "Open Source Maintenance Crew" on Thursday, with the goal of improving the security of major open source projects.
The company also pointed to Open Source Insights, a tool for analysing packages and their dependency graphs, as a way to determine "if a vulnerability in a dependency might influence your code."
"Developers can comprehend how their software is put together and the repercussions of changes in their dependencies using this information," the company said.
The announcement comes as the security and trustworthiness of the open source software ecosystem have been called into question following a series of supply chain attacks aimed at compromising developer workflows.
In December 2021, a severe vulnerability in the widely used open source Log4j logging library left many companies scrambling to patch their systems against potential exploitation.
It also comes less than two weeks after the Open Source Security Foundation (OpenSSF) unveiled the Package Analysis project, which aims to perform dynamic analysis of all packages published to popular open source repositories.