Off the back of the tj-actions/changed-files #SupplyChainSecurity attack, I've written up how you can use #DependencyManagementData to determine the impact across your org - already found it's been very useful ๐
by 
Jamie Tanna
.
#supply-chain-security
#dependency-management-data.
#npm is 14 years old - 8 years ago I wrote a first proof of concept of a supply chain attack, Microsoft have owned it for 4 years and have done absolutely nothing to secure it. (That supply chain attack - https://github.com/tanepiper/steal-ur-stuff)
A tool for finding security issues in GitHub Actions setups. - woodruffw/zizmor
by Jamie Tanna
.
#github-actions
#security
#supply-chain-security.
Organizations often struggle to identify vulnerabilities and risks hidden within the layers of dependencies. Address it by using an holistic approach to software security.
Bringing the great successes of financial engineering to Rust.
Everything you need to know about securing the software supply chain.
Hey, do you know about supply chain security? ... You mean SBOMs?
Tool to achieve policy driven vetting of open source dependencies - GitHub - safedep/vet: Tool to achieve policy driven vetting of open source dependencies
You're currently viewing page 1 of 1, of 9 posts.