Trivy - The Container Image Scanner
By GEANT TECH LLC for GEANT TECH LLC (geanttechnology-1694821411582.hashnode.dev), Nov 9, 2023
Preamble: Trivy is an open source single binary application written in Go and designed to find vulnerabilities, misconfigurations, secrets, SBOMs (Software Bill of Materials) in Container Images and Virtual Machine Images. It is a versatile security ...
Tag: trivy
Malicious VSCode Extensions
By Panagiotis Vasilikos (securingbits.com), Oct 4, 2023
Are malicious ☠️ VSCode extensions lurking in your workspace? Today's comic is inspired by the recent talk "Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws" by Ilay Goldman and Yakir Kadkoda from Aqua Security. ...
Tag: supplychainsecurity
Dependency Confusion Attack on NPM: An End-to-End POC
By Avishek Sarkar (aviii.hashnode.dev), Aug 15, 2023
The inspiring source here gave me creative inspiration for this blog. Dependency Confusion was initially disclosed by Alex Birsan. Introduction to Dependency Confusion Attack: When building a web application or app, utilizing existing code and librari...
Tag: supplychainsecurity
Securing Your Supply Chain: A Guide to Signing and Verifying Blobs
By Yankee Maharjan (yankee.dev), Jul 8, 2023
Signing artifacts should be a crucial part of our workflow. As a part of Supply Chain Security, we must ensure that the artifact built on our CI platform is the artifact we are deploying on our production environments. If by any means, we cannot veri...
Tag: Security
Revolutionizing Software Security - Introducing Sigstore for Developers
By Fawale Queen (queenislamiat.hashnode.dev), Apr 21, 2023
One might have wondered at one point in their career how secure the software they are using is. It is not news that we live in an age where cyber-attacks are on the rise and for this reason, we should be more conscious and intentional about improving...
Tag: software development
Supply chain security incident at CircleCI: Rotate your secrets
By Snyk (snyksec.hashnode.dev), Jan 6, 2023
On January 4, CircleCI, an automated CI/CD pipeline setup tool, reported a security incident in their product by sharing an advisory. Context around the CircleCI Incident: On December 27, security engineer Daniel Hückmann received an email notificatio...
Tag: CircleCI
The World of SBOM
By Aliza Adnan for Cloud Native Islamabad (cloudnativeislamabad.hashnode.dev), Sep 11, 2022
In the last few years, there's so much development in the IT industry that every software needs to keep itself updated and release its version more frequently than ever before. Abiding by this need, the software becomes more prone to the threat of ri...
Tag: Devops