Hot Topics

supply chain security

Why you need an SBOM (Software Bill Of Materials)

Why you need an SBOM (Software Bill Of Materials)

| | SCA, Software Composition Analysis, supply chain security
SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of ...
GitGuardian Blog - Code Security for the DevOps generation
The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

| | Breach explained, supply chain security
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to ...
GitGuardian Blog - Code Security for the DevOps generation
Three Mechanisms to Protect Your Git Repositories

Three Mechanisms to Protect Your Git Repositories

| | git, supply chain security
...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed ...
GitGuardian Blog - Automated Secrets Detection
AI Supply Chain Security: Hugging Face Malicious ML Models

AI Supply Chain Security: Hugging Face Malicious ML Models

| | AI, Blog, supply chain security
Introduction to Hugging Face Malicious ML Models Background A recent report by JFrog researchers found that some machine learning models on Hugging Face may be used to attack the user environment. These ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
A fork, wrapped in delicious pasta

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

| | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Securing The Software Delivery Pipeline With Honeytokens

Securing The Software Delivery Pipeline With Honeytokens

| | honeytokens, supply chain security
Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats ...
GitGuardian Blog - Automated Secrets Detection
How do you manage secrets (Credentials) in an organisation - Expert panel

Top Secrets Management Tools for 2024

| | aws secrets manager, azure key vault, Secrets Management, supply chain security
Let's walk through nine of the top secrets management solutions for 2024 ...
GitGuardian Blog - Automated Secrets Detection
OSS Japan 2023 - Keynotes - Hall B - Live from Tokyo, Japan

Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In.

| | ChiefProductOfficer, CPO, DevSecOps, SBOM, software supply chain, supply chain security, TalkSecure
The post Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. appeared first on CodeSecure ...
TalkSecure | CodeSecure
Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes

Uncovering thousands of unique secrets in PyPI packages

| | Secrets detection, Software Composition Analysis, supply chain security
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials ...
GitGuardian Blog - Automated Secrets Detection
Software Supply Chain Security Solution – Supply Chain Security Control

Software Supply Chain Security Solution – Supply Chain Security Control

| | Blog, supply chain security
Establishing a Software Supply Chain Asset Register An organization’s products and services are diverse and complex. By establishing a software supply chain asset register, you can have a clear understanding of the ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Load more