software supply chain automation
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | Tags: Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
A guide for open source software (OSS) security
Aaron Linskens | Tags: DevZone, open source, secure software supply chain, software supply chain automation, Sonatype Lifecycle, Sonatype Repository Firewall
When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component’s security emerges as a critical task. This involves not only ...
Comparing SBOM Standards: SPDX vs. CycloneDX
Luke Mcbride | Tags: CycloneDX, SBOM, software bill of materials, software supply chain automation, SPDX, SWID
In our 8th Annual State of the Software Supply Chain Report, we detailed upcoming government regulation coming to protect national interests globally. Because software is frequently built from third-party open source components, ...