Tag: Software Supply Chain

Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...

Taking the Modular Route
In today's world of continuous software development and integration, removing bottlenecks and increasing efficiency is of utmost importance. One surefire way to improve this efficiency is leaning into modularity, or ‘taking the modular ...

Rezilion Updates Open Source MI-X Tool to Better Secure App Development
Rezilion has updated its open source MI-X vulnerability discovery tool to include mitigation and remediation recommendations. In addition, the tool can now produce machine-readable output in either a JSON or CSV format ...

ActiveState Makes All Tiers of Curated Artifact Repository Service Free
ActiveState today announced it is making all tiers of its ActiveState Artifact Repository service available for free for a limited time. The move aims to enable organizations to better secure open source ...

Securing Open Source Components in a World of Mixed Committer Motivations
Our world runs on software that contains open source components. This places an increased burden on developers, as the primary consumers and deployers of those components, to use code that is fully ...

Palo Alto Networks Buys Cider Security to Lock Down Pipelines
Palo Alto Networks this week extended its efforts to secure application environments by agreeing to acquire Cider Security, a provider of a platform for securing continuous integration/continuous delivery (CI/CD) platforms, for approximately ...

JFrog Gives Pyrsia to CD Foundation to Secure Software Supply Chains
At the KubeCon + CloudNativeCon North America conference this week, JFrog announced it contributed the Pyrsia project, which uses blockchain technologies to secure software packages, to the Continuous Delivery (CD) Foundation. Stephen ...

Sonatype Report Surfaces Scope of Known Vulnerability Challenge
Sonatype this week published a State of the Software Supply Chain Report that found a 633% year-over-year increase in malicious attacks aimed at open source software residing in public repositories. In addition, ...

Making SBOMs Actionable
A software bill of materials (SBOM) is a list of all the software components found in a given codebase or used in a given software build. Great. So, now what? Why do ...

JFrog Adds Module to Better Secure Software Supply Chains
JFrog today added a JFrog Advanced Security module to its Artifactory repository that enables DevOps teams to scan both binaries and source code for vulnerabilities and misconfigurations. Stephen Chin, vice president of ...

Google Looks to Secure Software Supply Chains
At the Google Cloud Next '22 conference, Google today launched a managed Software Delivery Shield (SDS) service to enable DevOps teams to store, manage and secure the build artifacts in Artifact Registry ...

GitLab Allies With Google to Improve Developer Productivity
GitLab Inc., in collaboration with Google, today launched an open source Cloud Seed tool that makes it simpler for DevOps teams to consume Google Cloud Platform (GCP) resources. The Cloud Seed tool, ...