software supply chain hygiene
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
If you've been immersed in the Node.js/JavaScript community for awhile, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...
Gartner: You Must Assess Overall Software Health and Welfare
Gartner’s recent report Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to have ...
Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud
As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final ...