Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: supply chain risk

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe 

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe 

| | CVE, Dependency Governance, log4j, Malicious Code Injection, open source security, Package Managers, SBoM, secure development, supply chain risk, typosquatting
Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by inhemalicious supply chain injections. High-profile incidents like Log4j and the sabotage ...
supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Establishing Visibility and Governance for Your Software Supply Chain

| | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritization
Asset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...