SLSA Framework: What is It and How to Gain Visibility

AppSec, threats
In Part 2 of this blog series, we uncover the details of SLSA provenance from end to end. Previously in Part 1, we started by reviewing in-toto attestations, which are the underlying technology of SLSA provenance. Now, we dive into the internals of SLSA provenance, understand its content, and how ...
SLSA Provenance Blog Series, Part 4: Implementation Challenges for SLSA Provenance for Enterprises

AppSec, threats
In previous parts of the series, we dived into the concept of SLSA Provenance and the in-toto framework that empowers it. Next, we learned about the challenges of adopting SLSA provenance as an enterprise. In this post, we finally discuss the solution and the challenges and learn how you can use SLSA ...
SLSA Provenance Blog Series, Part 3: The Challenges of Adopting SLSA Provenance

threats
In part 2 of the series, we dived into the internals of the provenance document to understand its content and usage. In this part, we will explore the different SLSA levels for generating provenance and go through the different challenges you might face when adopting SLSA provenance. Finally, we will ...
4 Types of Software Supply Chain Risks Every CISO Should Know

As software technology evolves, it’s being continuously integrated into nearly every aspect of business processes. And while this has given many businesses new tools to make their daily lives much easier and more efficient, it has also highlighted how important security is ...
Why You Can Still Get Hacked Even After Signing Your Software Artifacts

Malicious actors are poisoning your artifacts in an attempt to infect your software supply chain so that you deploy those compromised (i.e. poisoned) artifacts to your production servers. In the worst scenarios, your production software then serves as a distribution mechanism for the poisoned artifact to additionally compromise your own ...
New Software Supply Chain Attack Installs Trojans on Adobe's Magento E-Commerce Platform

A popular vendor of Magento-WordPress plug-ins/integrations with over 200,000 downloads has been hacked. This recent attack is a reminder that malicious third-party plug-ins/integrations for popular platforms and systems, in this case FishPig integrations for Adobe's Magento e-commerce platforms, can open the door to critical vulnerabilities and exploits ...