Tag feed

#software-supply-chain-security

19 posts4 followers

Explore Hashnode

Alternatives

Trending tags this week

KAKagen AIunified-application-security-platform.hashnode.devApr 6 · 4 min read

Why Zero Trust Application Security Is the Most Effective Defense Against Modern Supply-Chain Attacks

Modern software development has evolved into a highly interconnected ecosystem powered by open-source components, third-party integrations, cloud services, and automated pipelines. While this accelera

0

GOGermain Oleablog.germain.techMar 2 · 7 min read

SSDLC et DevSecOps

Introduction Lorsque Marc Andreessen déclarait en 2011 : « Software is eating the world. » Why software is eating the world il décrivait une transformation structurelle de l’économie qui s’est depui

0

GGitHubOpenSourcegithub-open-source.hashnode.devDec 16, 2025 · 3 min read

Stop Supply Chain Attacks: GuardDog Scans Your Dependencies for Hidden Malware

📝 Quick Summary: GuardDog is a command-line interface tool designed to detect malicious packages across various ecosystems including PyPI, npm, Go, GitHub Actions, and VSCode extensions. It employs both source code analysis using Semgrep rules and p...

0

LTLưu Tuấn Anhblog.fiscybersec.comNov 18, 2025 · 7 min read

The OWASP 2025 list has just been announced – risks you never thought of are at the top!

Overview The year 2025 marked a significant turning point in how we perceive cybersecurity in general and application security in particular. The OWASP Top 10—a list considered the "guiding light" for every AppSec program worldwide—has just officiall...

0

LTLưu Tuấn Anhblog.fiscybersec.comNov 18, 2025 · 9 min read

Danh sách OWASP 2025 vừa công bố – những rủi ro bạn chưa từng nghĩ tới lại đứng top!

Tổng quan Năm 2025 đã đánh dấu một bước ngoặt lớn trong cách chúng ta nhìn nhận về an ninh mạng nói chung và an ninh ứng dụng nói riêng. Bộ OWASP Top 10 – danh sách được coi là “kim chỉ nam” cho mọi chương trình AppSec trên thế giới vừa chính thức cậ...

0

HKHare Krishna Raiblog.harekrishnarai.meSep 18, 2025 · 14 min read

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...

0

HKHare Krishna Raiblog.harekrishnarai.meAug 27, 2025 · 8 min read

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers

In a startling turn of events, the widely-used Nx build system fell victim to a sophisticated supply chain attack. On August 26, 2025, malicious versions of the Nx packages were published to the npm registry, compromising the systems of potentially t...

0

HKHare Krishna Raiblog.harekrishnarai.meApr 19, 2025 · 4 min read

Slopsquatting: An Emerging Threat to Developers Using AI-Powered IDEs

Recently, companies are supercharging developer productivity with AI-powered IDEs and agents! Tools like GitHub Copilot and CursorAI are at the forefront of this exciting transformation, offering developers incredible coding assistance and automation...

0

TFThe Firewallblogs.thefirewall.orgApr 17, 2025 · 3 min read

Introducing Software Composition Analysis

Understanding and securing your software supply chain has never been more critical in today's increasingly complex software development landscape. We're excited to announce the latest addition to The Firewall Appsec Platform: our comprehensive Softwa...

0

HKHare Krishna Raiblog.harekrishnarai.meMar 30, 2025 · 3 min read

Not Just Numbers: Why Semantic Versioning (SemVer) Is Your Best Friend in Fixing Vulnerable Dependencies

Hey there, fellow AppSec explorers! Ever stumbled across a version like 0.1.0 or 2.5.3 and thought, “Are these numbers even real or just something the dev randomly typed in?” Same. Been there. Thought that. 😅 But the more I got into fixing SCA (Sof...

0

#software-supply-chain-security

Search Hashnode

#software-supply-chain-security

Explore Hashnode

Trending tags this week

Why Zero Trust Application Security Is the Most Effective Defense Against Modern Supply-Chain Attacks

SSDLC et DevSecOps

Stop Supply Chain Attacks: GuardDog Scans Your Dependencies for Hidden Malware

The OWASP 2025 list has just been announced – risks you never thought of are at the top!

Danh sách OWASP 2025 vừa công bố – những rủi ro bạn chưa từng nghĩ tới lại đứng top!

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem

The Nx Supply Chain Attack: When AI Becomes an Accomplice Attackers

Slopsquatting: An Emerging Threat to Developers Using AI-Powered IDEs

Introducing Software Composition Analysis

Not Just Numbers: Why Semantic Versioning (SemVer) Is Your Best Friend in Fixing Vulnerable Dependencies