supply chain

We all dodged a bullet - Xe Iaso
https://xeiaso.net/notes/2025/we-dodged-a-bullet/
Added 1 month ago

The Critical Flaw in CVE Scoring
https://www.darkreading.com/vulnerabilities-threats/critical-flaw-cve-scoring
Added 2 months ago

Using artifact attestations to establish provenance for builds - GitHub Docs
https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli
Added 4 months ago

AI-hallucinated code dependencies become new supply chain risk
https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
Added 5 months ago

reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
Added 5 months ago

GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/
Added 5 months ago

Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/
Added 5 months ago

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Added 5 months ago

https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/
Added 5 months ago

Artifact Attestations is generally available
https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/
Added 5 months ago