Sigstore for Python Packaging: Next Steps for Adoption - William Woodruff, Trail of Bits

Securing Artifacts: Keyless Signing with Sigstore and CI/MON

Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about ...

Three Lessons from the Ledger Connect Kit Supply Chain Attack

On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect Kit, a vital software component connecting hardware wallets to dApps, hit the industry. The post Three Lessons from the Ledger Connect Kit Supply Chain Attack appeared first on Cycode.