It’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a major uptick in malicious actors exploiting vulnerabilities in software supply chains to facilitate attacks on organizations. However, it’s important to remember that these […]
Tips For Securing CI/CD Pipelines
Most development teams want to increase the pace of their software delivery. As such, continuous integration and delivery (CI/CD) has grown in importance, helping push code from build to production as seamlessly as possible. CI/CD pipelines often loop in many elements and may comprise a diverse stack of tools, automations and various languages. But because […]
Dev of core-js Will Flip Table | Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI.
Rezilion Adds Windows Support to Dynamic SBOM Tool
Rezilion has added support for Windows applications to its tool for dynamically generating software bills of materials (SBOMs). Rezilion CEO Liran Tancman said that, in addition to the existing support for Linux applications, it is now possible to analyze all the components that make up a Windows application runtime environment in real time. That capability also makes it possible […]
Codenotary Automates SBOM Creation
Codenotary today launched a tool that enables an application to automatically generate a software bill of materials (SBOM) by adding a single line to its source code. Codenotary CEO Moshe Bar said TrueSBOM makes it possible to self-report the components used to construct applications to any organization that uses them for the first time. In […]
2023 Application Security Budgets on the Rise
A survey of 500 DevSecOps professionals in the U.S. found nearly three-quarters (73%) of organizations plan to increase investment in application security in 2023. The survey, conducted by Wakefield Research on behalf of Invicti, a provider of dynamic application security testing (DAST) tools, also found 97% of DevSecOps teams said they ignored a real vulnerability […]
Endor Labs Applies Graph Analysis to Secure Software Supply Chains
Endor Labs exited stealth mode today to launch a platform that applies graph analysis to identify the depth of dependencies that exist within an application. Fresh from raising $25 million in funding, Endor Labs CEO Varun Badhwar said the Dependency Lifecycle Management Platform makes it simpler for organizations to manage dependencies within applications that can […]
Wipro Fires 2-Job Staff | Python Bug from 2007 | Lite Layoffs
In this week’s The Long View: Wipro fires 300 for moonlighting at competitors, Python has a nasty 15-year-old bug, and companies are finding new ways to lay people off without calling it a “layoff.”
DevOps World 2022: Developer and Security Links Protect Your Supply Chain
Ever since the SolarWinds attack back in December 2020, software supply chain attacks have been top-of-mind for any company that builds software. The prospect of endangering not just your own organization but also your customers really sharpens your focus. Another complicating factor is that applications use a combination of open source software components and […]
DevOps World 2022: Using SBOMs to Secure the Software Supply Chain
As supply chain attacks become increasingly prevalent, visibility is emerging as a necessity in cybersecurity. One way to improve visibility and secure your software supply chain is with a software bill of materials (SBOM). An SBOM is a list of all the components within a codebase. By providing insight into open source and third-party components, […]
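The two ideas in the Endor Labs and SBOM items above, dependency depth via graph analysis and an SBOM as a component inventory, fit together in one small script. The following is an added example, not code from any of the vendors or articles on this page: it parses a constructed CycloneDX-style SBOM (fictional package names, versions and advisory identifier, embedded inline), walks the declared dependency edges from the root component to compute how deep each component sits, matches components against a constructed advisory list, and reports the import path to each hit. It also flags components the SBOM lists but no dependency edge reaches, which is a useful check on SBOM quality that the article teaser does not mention.

```python
import json
from collections import deque

# Constructed CycloneDX-style SBOM for a hypothetical application. Package
# names, versions and the advisory below are made up for this example.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "pkg:generic/app@1.0.0",
                               "name": "app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:generic/web-client@3.1.0", "name": "web-client", "version": "3.1.0"},
        {"bom-ref": "pkg:generic/http-core@1.2.0", "name": "http-core", "version": "1.2.0"},
        {"bom-ref": "pkg:generic/tls-roots@2022.9", "name": "tls-roots", "version": "2022.9"},
        {"bom-ref": "pkg:generic/idna-lite@0.4.0", "name": "idna-lite", "version": "0.4.0"},
        # Listed but never referenced by a dependency edge: an SBOM quality smell.
        {"bom-ref": "pkg:generic/left-over@0.1.0", "name": "left-over", "version": "0.1.0"},
    ],
    "dependencies": [
        {"ref": "pkg:generic/app@1.0.0", "dependsOn": ["pkg:generic/web-client@3.1.0"]},
        {"ref": "pkg:generic/web-client@3.1.0",
         "dependsOn": ["pkg:generic/http-core@1.2.0", "pkg:generic/tls-roots@2022.9"]},
        {"ref": "pkg:generic/http-core@1.2.0", "dependsOn": ["pkg:generic/idna-lite@0.4.0"]},
    ],
})

# Constructed advisory feed: (name, version) -> advisory id. Not a real CVE.
SAMPLE_ADVISORIES = {("idna-lite", "0.4.0"): "CONSTRUCTED-ADV-0001"}


def parse_sbom(text):
    """Return (root_ref, components, graph) from a CycloneDX JSON document.

    components maps bom-ref -> {"name", "version"}; graph maps bom-ref -> list
    of bom-refs it depends on (a missing key means no declared dependencies).
    """
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = doc["metadata"]["component"]
    components = {root["bom-ref"]: {"name": root["name"], "version": root["version"]}}
    for c in doc.get("components", []):
        components[c["bom-ref"]] = {"name": c["name"], "version": c["version"]}
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in doc.get("dependencies", [])}
    return root["bom-ref"], components, graph


def dependency_depths(root, graph):
    """Breadth-first walk from the root; returns {ref: (depth, parent_ref)}.

    Depth 1 is a direct dependency, depth 2 a transitive one, and so on. The
    visited check also keeps cycles (legal in real dependency graphs) from looping.
    """
    depths = {root: (0, None)}
    queue = deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depths:
                depths[child] = (depths[ref][0] + 1, ref)
                queue.append(child)
    return depths


def path_to(ref, depths):
    """Follow parent pointers back to the root and return the chain root -> ref."""
    chain = []
    while ref is not None:
        chain.append(ref)
        ref = depths[ref][1]
    return list(reversed(chain))


def analyse(sbom_text, advisories):
    """Return (affected, orphans): components matching an advisory, each with its
    depth and the path of component names leading to it (depth None and an
    empty path if no edge reaches it), and the refs no dependency edge reaches."""
    root, components, graph = parse_sbom(sbom_text)
    depths = dependency_depths(root, graph)
    affected = []
    for ref, meta in components.items():
        adv = advisories.get((meta["name"], meta["version"]))
        if adv is None:
            continue
        reachable = ref in depths
        affected.append({
            "ref": ref, "advisory": adv,
            "depth": depths[ref][0] if reachable else None,
            "path": [components[r]["name"] for r in path_to(ref, depths)] if reachable else [],
        })
    orphans = sorted(set(components) - set(depths))
    return affected, orphans


if __name__ == "__main__":
    hits, orphans = analyse(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES)
    for h in hits:
        print(f"{h['advisory']}: {h['ref']} at depth {h['depth']} via {' -> '.join(h['path'])}")
    print("components with no dependency edge:", orphans)
```

On the sample data the one advisory hit sits three levels below the application (app -> web-client -> http-core -> idna-lite), which is exactly the kind of transitive exposure a flat component list hides, and the unreferenced `left-over` component shows up separately as an SBOM inventory gap rather than being silently ignored.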