Off the back of the tj-actions/changed-files
#SupplyChainSecurity attack, I've written up how you can use #DependencyManagementData to determine the impact across your org - already found it's been very useful
Tag supply-chain-security
Reposted
Tane Piper (@tanepiper@tane.codes)
#npm is 14 years old - 8 years ago I wrote a first proof of concept of a supply chain attack, Microsoft have owned it for 4 years and have done absolutely nothing to secure it. (That supply chain attack - https://github.com/tanepiper/steal-ur-stuff)
Liked
GitHub - woodruffw/zizmor: A tool for finding security issues in GitHub Actions setups.

A tool for finding security issues in GitHub Actions setups. - woodruffw/zizmor
Liked
You can't fix issues if you can't find them
Organizations often struggle to identify vulnerabilities and risks hidden within the layers of dependencies. Address it by using a holistic approach to software security.

Liked
On Tech Debt: My Rust Library is now a CDO
Bringing the great successes of financial engineering to Rust.
Liked
Software supply chain security: Broader than SolarWinds and Log4J

Everything you need to know about securing the software supply chain.

Liked
Software Bill of Materials (SBOM): The Gateway Drug to Supply Chain Security
Hey, do you know about supply chain security? ... You mean SBOMs?

Liked
GitHub - safedep/vet: Tool to achieve policy driven vetting of open source dependencies

Tool to achieve policy driven vetting of open source dependencies - safedep/vet