supply chain security Archives

Why you need an SBOM (Software Bill Of Materials)

Greg Bulmash | April 12, 2024 | SCA, Software Composition Analysis, supply chain security

SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of ...

GitGuardian Blog - Code Security for the DevOps generation

The Open-Source Backdoor That Almost Compromised SSH

Thomas Segura | April 2, 2024 | Breach explained, supply chain security

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to ...

GitGuardian Blog - Code Security for the DevOps generation

The Open-Source Backdoor That Almost Compromised SSH

Thomas Segura | April 2, 2024 | Breach explained, supply chain security

GitGuardian Blog - Code Security for the DevOps generation

Three Mechanisms to Protect Your Git Repositories

Greg Bulmash | March 14, 2024 | git, supply chain security

...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed ...

GitGuardian Blog - Automated Secrets Detection

AI Supply Chain Security: Hugging Face Malicious ML Models

NSFOCUS | March 4, 2024 | AI, Blog, supply chain security

Introduction to Hugging Face Malicious ML Models Background A recent report by JFrog researchers found that some machine learning models on Hugging Face may be used to attack the user environment. These ...

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

Securing The Software Delivery Pipeline With Honeytokens

Guest Expert | February 14, 2024 | honeytokens, supply chain security

Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats ...

GitGuardian Blog - Automated Secrets Detection

Top Secrets Management Tools for 2024

Greg Bulmash | February 9, 2024 | aws secrets manager, azure key vault, Secrets Management, supply chain security

Let's walk through nine of the top secrets management solutions for 2024 ...

GitGuardian Blog - Automated Secrets Detection

Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In.

Deb Radcliff | December 15, 2023 | ChiefProductOfficer, CPO, DevSecOps, SBOM, software supply chain, supply chain security, TalkSecure

The post Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. appeared first on CodeSecure ...

TalkSecure | CodeSecure

Uncovering thousands of unique secrets in PyPI packages

Guest Expert | November 13, 2023 | Secrets detection, Software Composition Analysis, supply chain security

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials ...

GitGuardian Blog - Automated Secrets Detection