Ochrona 2.0.0 Released
Ochrona, the Python security tool has some major updates, including SAST checks
Ochrona, an open source supply chain security tool for Python developers, released a new update to enable enhanced security throughout the SDLC.
With Ochrona, Python developers were already able to check their projects for malicious package usage and set policies to audit additional packages outside of those tied to known CVEs. The 2.0.0 update introduces beta SAST capabilities into Ochrona scans, allowing Ochrona to be the single security tool your projects need.
Ochrona’s future vision will focus on joining Python SCA results with SAST verification of vulnerable packages in order to cut down on false positives and drill into the specific components and functions that present risk.
The new update allows for the following:
- HTML reporting option for exporting findings.
- Enhancements to the Software Bill of Materials (SBOM) scan output.
- Revamped formatting when running in command line, allowing for clearer interpretation of results, using Rich.
- The Ochrona Python Vulnerability database is up to over 1800 vulnerabilities, with an average of 5 updates a month.
- SAST checks against unsafe general Python usage and components and functions used that tie back to OWASP vulnerabilities.
- Allows for nested definitions in user-defined policies.
- Revitalized vulnerability definition expression for new vulnerability records that Ochrona checks against.
- Enhanced, refactored policy configuration, allowing for more lightweight policy checks against packages that are not compliant or not allowed. This also includes policy grouping.
Our goal is to give back to the security community. If you have feedback or code that you’d like to contribute to the project, drop us a line at support@ochrona.dev or open an issue or PR on github.
