Ask HN: Who does OSS security audits?

3 points by clcaev ↗ HN
We have an exceptionally large code base of Java, "R", C++, and Javascript... and are looking to contract with an established vendor to do security audits and ongoing health monitoring. Is there a list of vendors that do this work (hopefully at a discount? funding is always tight).

2 comments

[ 3.9 ms ] story [ 15.4 ms ] thread
Sonatype (not an audit, but ongoing software supply-chain management)

https://www.sonatype.com

They got their start from Java Maven-based projects and progressed via the Nexus binary repository.