supply chain security
Why you need an SBOM (Software Bill Of Materials)
SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of ...
The Open-Source Backdoor That Almost Compromised SSH
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to ...
Three Mechanisms to Protect Your Git Repositories
...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed ...
AI Supply Chain Security: Hugging Face Malicious ML Models
Introduction to Hugging Face Malicious ML Models Background A recent report by JFrog researchers found that some machine learning models on Hugging Face may be used to attack the user environment. These ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Securing The Software Delivery Pipeline With Honeytokens
Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats ...
Top Secrets Management Tools for 2024
Let's walk through nine of the top secrets management solutions for 2024 ...
Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In.
The post Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. appeared first on CodeSecure ...
Uncovering thousands of unique secrets in PyPI packages
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials ...
Software Supply Chain Security Solution – Supply Chain Security Control
Establishing a Software Supply Chain Asset Register An organization’s products and services are diverse and complex. By establishing a software supply chain asset register, you can have a clear understanding of the ...