Tag: supply chain security

Sysdig Identifies Cyberattacks on GitLab Platforms Using Binaries
Sysdig Threat Research Team uncovers that cyberattacks using binaries written in Go and .NET are compromising on-premises editions of GitLab ...

Extending the GitOps Pipeline: DevSecOps and Trusted Application Delivery
The fusion of DevSecOps and trusted application delivery can extend the GitOps pipeline and add business value ...

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...

Awareness of Software Supply Chain Security Issues Improves
A global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, ...

Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...

Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Last year, the world woke up to the software supply chain dilemma. We saw a spike in attacks as hackers sought to exploit known and unknown vulnerabilities within dependencies. There is also ...

Secure Software Summit: Exploring Secure Coding Best Practices
In an era where software is dominating the world, the security and quality of code must remain a high priority. Delivering secure and reliable software at a rapid pace is crucial for most ...

WhiteSource Adds SBOM Tool That Lists Vulnerabilities
WhiteSource has added a software bill of materials (SBOM) tool to its portfolio that, in addition to capturing the components of an application, also surfaces vulnerabilities that should be addressed. Many organizations ...

Oxeye Platform Helps Fix Code Vulnerabilities
Fresh from raising $5.3 million in seed funding, Oxeye emerged this week from stealth to launch a namesake application security testing platform that, in addition to pinpointing issues in code, also provides ...

CloudBees Acquires Neuralprints to Shift Compliance Left
At the online DevOps World 2021 conference today, CloudBees revealed it has acquired Neuralprints to provide the core technology for CloudBees Compliance, a real-time compliance and risk analysis platform that it will ...