It provides a unified framework for policy creation and management across multiple clouds, simplifies policy writing, and supports popular authorization models such as role-based and attribute-based access control. Additionally, AWS has adopted a verification-guided development process to ensure the security and safety of Cedar.

The open-sourcing of the project also includes the Cedar language specification and SDK which offers libraries for authoring and validating policies and authorizing access requests. 

Amazon Verified Permissions uses Cedar to allow you to manage fine-grained permissions in your custom applications. With Amazon Verified Permissions, you can store Cedar policies centrally, have low latency with millisecond processing, and audit permissions across different applications. 

The open-source libraries of Cedar allow users to test and validate policies on their own computers before deploying them with Amazon Verified Permissions. This makes it possible to use Cedar to run applications not connected to the network, allowing users to customize the libraries to meet their needs.

Additional details on the project are available here. 

The post SD Times Open-Source Project of the Week: Cedar appeared first on SD Times.

The new code search engine has been remodeled to be two times faster than the old one and has more capabilities such as supporting substring queries, regular expressions, and symbol search.

Code Search understands a user’s code and brings relevant results at high speeds by searching across multiple repositories. Users can search using regular expressions, boolean operations, keyboard shortcuts, and more.

“Imagine that a user complains that they received an error message from your service saying ‘query is not satisfiable.’ You’re not sure which system produced this error message, or which repository the code is in,” ​​Colin Merkel, software engineer at GitHub, wrote in a blog post. 

“Without code search, you might have to clone a bunch of repositories and grep through them, or ask a knowledgeable coworker. But with code search, you can instantly search across all of an organization’s code at once.” 

As an example, if a company uses Kubernetes and their infrastructure team reports a shortage of memory in their cluster, one approach could be to search for YAML configuration files containing the term “memory” across the team’s code. The search results, which can be saved with a query such as “saved:blackbird lang:yaml memory,” would reveal the Kubernetes configuration files for the team’s services and their allocated memory. The search results could then be shared with the infrastructure team to initiate a discussion on the memory allocation for those services.

For teams using React, the prop dangerouslySetInnerHTML is a well-known feature that enables the direct injection of HTML into an element using a string. However, it can pose a security risk if the string being injected is untrusted. One way to identify potential vulnerabilities is by searching for the usage of this prop across GitHub’s codebase using a query such as “repo:github/github dangerouslySetInnerHTML.” The search results could reveal any occurrences of the prop, including some linter rules that forbid its use. 

GitHub also redesigned its code view to integrate search, browsing, and code navigation. The company stated that this launch is just the beginning and it is infusing intelligence into every aspect of software development moving forward. 

The post GitHub launches new code search and code view appeared first on SD Times.

Frappe makes defining DocTypes easier without the need for code to be used everywhere, since everything in Frappe is a DocType. The framework also includes a single-page application with forms, lists, and search navigation built in.

Additionally, users have the ability to define customer roles and permissions that are applied out of the box on every interaction, and they can create their own applications that can be extended by other apps with Frappe’s modular architecture. 

The framework allows for integrations and comes with REST API and Webhooks on all models based on authentication. It also allows users to configure background workers as well as run periodic tasks that are powered by Python RQ.

Soket.io support based on NodeJS is also included, along with the ability to send, receive, view, and manage emails using SMTP and IMAP based email accounts.

Lastly, Frappe enables customers to host several sites on one server, with its database driven multi-tenant architecture. 

The post SD Times Open-Source Project of the Week: Frappe appeared first on SD Times.

At its inception in 2021, FAIR applied recent advancements in computer vision towards an intuitive pipeline in order to animate any human-like figures found in character drawings. 

The demo for Animated Drawings came as a publicly-accessible and web-based tool that allowed users to upload drawings, view/correct model predictions, and receive an animation starring the character in their drawings. 

With the demo, parents also had the option to opt to allow Meta to retain the image and annotations for suture research use. The demo was released with the hopes of collecting 10,000 drawings that could be used to improve model performance.

Today, the open-source version of the Animated Drawings project includes both the models and the code used by the Animated Drawings Demo. 

The company stated that the idea behind the open-sourcing of the project is to enable other developers to create demos and experiences that utilize the animation assets from user drawings. 

This project is also intended to lower the barrier to entry for people who wish to experiment with animation and create their own drawing-to-animation experiences. The release of both the model and code is geared at offering developers a starting point to build on and further extend the project.

To learn more, visit the website. 

The post SD Times Open Source Project of the Week: Animated Drawings appeared first on SD Times.

“InfluxDB 3.0 is a major milestone for InfluxData, developed with cutting-edge technologies focused on scale and performance to deliver the future of time series,” said Evan Kaplan, CEO at InfluxData. “Built on Apache Arrow, the most important ecosystem in data management, InfluxDB 3.0 delivers on our vision to analyze metric, event, and trace data in a single datastore with unlimited cardinality. InfluxDB 3.0 stands as a massive leap forward for both time series and real-time analytics, providing unparalleled speed and infinite scalability to large data sets for the first time.”

The solution was originally developed as the open-source project InfluxDB IOx and was built in Rust. It was then rebuilt as a columnar database that leverages the scale and performance of the Apache Arrow data structure to deliver real-time query responses. 

Users can also benefit from unlimited cardinality and high throughput to continuously ingest, transform, and analyze billions of time series data points, low-cost object store, and SQL language support. 

The new version is available now in InfluxData’s cloud products, including the fully managed service InfluxDB Cloud Dedicated. InfluxData also announced InfluxDB 3.0 Clustered and InfluxDB 3.0 Edge to give developers next-gen time series capabilities in a self-managed database and InfluxDB 3.0 will be available in these products later in the year.

The post InfluxDB 3.0 released with rebuilt database and storage engine for time series analytics appeared first on SD Times.

The software includes all the code, examples, and documentation businesses need to add safety to AI apps that generate text. NVIDIA said it’s releasing the project since many industries are adopting large language models (LLMs), the powerful engines behind these AI apps. 

Users can set up three kinds of boundaries with NeMo Guardrails: topical, safety, and security. 

With topical guardrails, apps can be prevented from going into unwanted areas by implementing topical guardrails. An instance of this is preventing customer service assistants from responding to inquiries regarding the weather.

Safety guardrails ensure apps respond with accurate, appropriate information. They can filter out unwanted language and enforce that references are made only to credible sources.

Security guardrails restrict apps to make connections only to external third-party applications known to be safe.

The tool is compatible with the tools that enterprise app developers commonly use. For example, it is capable of functioning on LangChain, an open-source toolkit that developers are readily embracing to incorporate third-party applications with LLMs. Furthermore, NeMo Guardrails is designed to be versatile enough to function with a wide range of LLM-enabled applications, including Zapier.

The project is being incorporated into the NVIDIA NeMo framework that already has open-source code on GitHub.

The post NVIDIA’s NeMo Guardrails adds security features to AI chatbots and generative AI appeared first on SD Times.

With Tython, customers can design reusable security references architectures as-code with pre-built blueprints so that they don’t need to build custom parsers for every language and integrations for every tool.

Users also gain the ability to define security and governance policies in any programming language they want, including Python, Rust, Golang, Sentinel, and OPA.

This open-source offering also works to remove the need for traditional configuration management constraints with a meta-model of the user’s application architecture. According to the maintainers, this provides enhanced security visibility.

Furthermore, customers are enabled to identify security and compliance issues based on business application context, and then automatically apply security.

The maintainers also stated that Tython allows for the creation, remediation, and enforcement of the end users custom security policies as soon as possible from architecture design to post-deployment drift detection. 

The framework also natively integrates across the cloud, offering multi-cloud support, the ability for developers to choose their IaC tools, intelligent remediation and drift-detection, and full visibility to the entire cloud application architecture through an interactive graph. 

To learn more, visit the website.

The post SD Times Open Source Project of the Week: Tython appeared first on SD Times.

According to the company, this open-source offering provides a similar experience to frameworks such as Next.js, Nuxt, and SvelteKit, building on top of Angular.

Analog also supports filesystem-based routing on top of the Angular Router. Routes are defined using folders and files in the src/app/pages folder and only files ending with .page.ts are collected and utilized to build the set of routes. 

Additionally, it includes support for using markdown as content routes, as well as rendering markdown content in components. To use content files in Analog, the @analogjs/content package must be installed. 

Another key feature of this project is its support for defining API routes that can be used to serve data to the application. API routes are also based on filesystem, and are exposed under the default /api prefix in development.

It also supports Vite/Vitest/Playwright, Angular CLI/Nx workspaces, and Angular components with Astro. Lastly, Analog also provides hybrid SSR/SSG support. 

To learn more, visit the website.

The post SD Times Open-Source Project of the Week: Analog appeared first on SD Times.

This open-source offering is a from-scratch rewrite of Buck, though it does share some commonalities with it and other build systems such as Bazel. Buck2 completely separates the core and language-specific rules.

This separation means that the rules are easier to change and understand. The core of Buck2 is written in Rust, but its language rules are written in Starlark. 

According to Meta, it also has increased parallelism, integration with remote executing and virtual file systems, as well as a redesigned console output. This is all intended to help developers spend less time waiting and more time iterating code.

Additionally, the rules API is designed to contain advanced features for performance along with dynamic dependency features geared towards expressibility. These features are also restricted so users can be sure that other properties are not harmed.

Buck2 is also intended to integrate well with remote execution and offers users the ability to run actions on remote machines. 

It is also written to integrate with virtual file systems so the entire repository is not all checked at once, but grabbed on demand as specific files are accessed. 

Meta has expressed that this project is not yet polished and is still currently being developed, it is set to be properly announced in the coming months. To learn more, visit the GitHub page.

The post SD Times Open-Source Project of the Week: Buck2 appeared first on SD Times.

OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software supply chains. 

The goal is to provide the security community with a unified resource to evaluate their own approaches for securing software supply chains in advance and compare solutions, according to the framework’s founding members. 

“In one episode of Star Trek, while working on vulnerabilities of the Enterprise in relation to the threat actor, Mr. Spock said, ‘Insufficient facts always invite danger, Captain!’ The same certainly holds true in cybersecurity, where a lack of information increases vulnerability. By increasing the community’s knowledge, OSC&R holds tremendous potential to mitigate dangers to the software supply chain and reduce the attack surface more broadly,” said Dineshwar Sahni, director of product security at VISA who also just joined the consortium of cybersecurity leaders behind OSC&R.

OSC&R can be used by security teams to evaluate existing defenses, define which threats need to be prioritized, and how existing coverage addresses those threats, as well as to help track the behaviors of attacker groups.

The project was added to GitHub earlier this week and was also recently endorsed by former U.S. National Security Agency Director Admiral Mike Rogers.

The post SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix appeared first on SD Times.