Tag: Software Supply Chain
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
Securing the Software Supply Chain with Full Visibility and Compliance
At swampUP 2025 in Napa Valley, JFrog’s Yossi Shaul, senior vice president of DevOps, joined Alan to reflect on both his personal journey and JFrog’s evolving role in shaping modern software delivery ...
Shai-Hulud Attacks Shake Software Supply Chain Security Confidence
Being the Dune groupie that I am, I couldn't pass up the chance to comment on the "Shai-Hulud" NPM attacks. What a clever name for a worm attack. But as the saying ...
Outages and Security Threats in DevOps Tooling: Cracks in the Foundation
Alan warns that DevOps toolchains — from GitHub to Jira — are showing cracks, with outages and breaches threatening delivery resilience. He urges platform engineers to design for failure, harden security, and ...
Survey Surfaces Uneven Adoption of SBOMs to Secure Software
A survey of 100 security professionals finds nearly half (48%) admit their organizations are falling behind on meeting software bill of materials (SBOM) requirements as specified by the U.S. Office ...
Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains
Checkmarx, this week, reported it has discovered malicious software packages that, in addition to injecting malware capable of bypassing endpoint security to exfiltrate data, also provide persistent remote access and control of ...
Endor Labs Extends Microsoft SCA Alliance to GitHub
Endor Labs has allied with GitHub to integrate its software composition analysis (SCA) tools directly within DevOps workflows ...
North Korea’s Lazarus Group Targets Developers, Supply Chain
North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets, spreading it via a legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech ...
Proactive Dependency Management: Reducing Risk and Improving Software Quality
Managing dependencies isn’t just best practice, it is an essential ongoing process. Implement these strategies in your projects to stay ahead of potential issues and ensure your software remains reliable, secure and ...
Learning From SpaceX: How the Space Industry’s Transformation can Inspire DevOps in Software Development
In recent years, the space industry, much like software development, has experienced rapid transformation. SpaceX has revolutionized space launches with its use of reusable rockets and innovative suppliers ...
Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software
Endor Labs today at the Black Hat USA 2024 conference revealed it has added an ability to determine how challenging it might prove to be to upgrade an open source software package, ...
Survey Surfaces Troubling Signs of Software Supply Chain Insecurity
A survey of software engineering professionals has uncovered disconcerting signs of software supply chain insecurity ...