Vaishali Rawat (maveraw.hashnode.dev), Feb 4, 2025
SBOM: The Key to Secure Software Supply Chains
Introduction With the rise of supply chain attacks, ensuring software security has become more critical than ever. One of the most effective ways to achieve this is through a Software Bill of Materials (SBOM). An SBOM provides a comprehensive invento...
#cybersecurity

Hitesh Patra (blogs.hiteshpatra.in), Dec 4, 2024
CVE-2024-54134 - Solana Web3.js Supply Chain Attack
A supply chain attack was detected in versions 1.95.6 and 1.95.7 of the @solana/web3.js npm library. This compromised version contains injected malicious code that can steal keys from developers and users, potentially enabling attackers to drain crypto...
12 likes · 122 reads
Tags: CVE Analysis, supplychainattack

Abhiram (cloudbuddy.hashnode.dev), Oct 29, 2024
Supply Chain Attacks: Securing Your Software from Third-Party Code
In today's interconnected world, software applications increasingly rely on third-party components. While these components can accelerate development and provide valuable functionality, they also introduce new security risks. Supply chain attacks, wh...
Tags: supplychainsecurity

Hardik Nanda (r0075h3ll.hashnode.dev), Sep 28, 2024
Using Gitlab for DevSecOps
DevSecOps is an established - and now being adopted - philosophy that aims to foster collaboration between Development, Security, and Operations teams in an Organization. Being an integral part of SDLC, security testing is something that has helped ...
139 reads
Tags: Devops

Gift Ayodele (devgifttemitope.hashnode.dev), Sep 13, 2024
What is Blockchain?
Blockchain is a revolutionary technology that’s changing how we think about transactions, security, and trust. It’s the backbone behind cryptocurrencies like Bitcoin and Ethereum, but it’s much more than just about digital money. To put it simply, bl...
Tags: Programming Fundamentals, BlockchainForBeginners

Kunal Verma for Kubesimplify (blog.kubesimplify.com), Jun 13, 2024
Supply Chain Security Using SLSA - Part 2 (The Framework)
In Part 1 of our ongoing Supply Chain Security series, we delved into the fundamental aspects of supply chain security and its growing importance. If you haven’t yet checked out the first part, make sure to give it a read now! Now that we've establ...
11 likes · 197 reads
Tags: Security

Panagiotis Vasilikos (securingbits.com), Apr 24, 2024
Cache Attacks on CI/CD Systems
A new type of attack affecting major CI/CD service providers. Attackers can exploit CI/CD cache mechanisms to inject malicious code or steal your secrets. This information is detailed in the paper by Gu, Ying, Chai, Pu, Duan and Gao "More Haste, Less...
Tags: Application Security

Panagiotis Vasilikos (securingbits.com), Apr 17, 2024
Open-Source Secret Scanning Tools
Implement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog - GitLeaks https://github.com/gitleaks/gitleaks - Semgrep https://github.com/semgrep/semgrep - Talism...
33 reads
Tags: Open Source

GEANT TECH LLC (geanttechnology-1694821411582.hashnode.dev), Nov 9, 2023
Trivy - The Container Image Scanner
Preamble: Trivy is an open source single binary application written in Go and designed to find vulnerabilities, misconfigurations, secrets, SBOMs (Software Bill of Materials) in Container Images and Virtual Machine Images. It is a versatile security ...
93 reads
Tags: trivy

Panagiotis Vasilikos (securingbits.com), Oct 4, 2023
Malicious VSCode Extensions
Are malicious☠️VSCode extensions lurking in your workspace? Today's comic is inspired by the recent talk "Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws" by Ilay Goldman and Yakir Kadkoda from Aqua Security....
Tags: supplychainsecurity