Software Supply Chain

CVE Lite CLI closes dependency gap — but won't stop modern threats

🐧 Linux Security · Content type: Blog
reversinglabs.com

OWASP Dependency-Track 5.0 Is Now Generally Available

🐧 Linux Security · Content type: Blog
owasp.org · Hacker News

Less-relevant results

Is GitHub Actions Putting Your Software at Risk?

🐧 Linux Security
spin.atomicobject.com

Patching fast and slow: Ruby devs delay to defend against supply chain attack

🐧 Linux Security · Content type: News
csoonline.com

Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

💻 Programming
news.risky.biz

GlassFish 8.0.3 Released: Performance optimizations and security fixes

🐧 Linux Security
omnifish.ee · r/java

Ruby Fights Supply-Chain Attacks With Filter Offering 'Cooldown' Before Installing New Packages - Slashdot

🐧 Linux Security
developers.slashdot.org

Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack

💻 Programming · Content type: News
thenextweb.com

Announcing Forrester's Top Cybersecurity Threats For 2026

🐧 Linux Security · Content type: Blog
forrester.com

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

💻 Programming
thehackernews.com · r/programming

Show HN: CI/lock – supply-chain attestation CLI, from the Witness creators

💻 Programming · Content type: Blog
cilock.dev · Hacker News

Attackers already know the secrets are on your developers' machines. Do you?

🐧 Linux Security
helpnetsecurity.com

I Researched the Red Hat npm Incident — Here's What Every Developer Should Know

🐧 Linux Security · Content type: Code
github.com · DEV

Microsoft pulled 73 GitHub repos after malware attack — but still won't say who's compromised

🐧 Linux Security
thenewstack.io

Making the OWASP top ten in the vibe code era...

⚖️ Work-Life Balance · Content type: Blog
stackoverflow.blog

SAST vs SCA: Key Differences for AppSec Teams

🐧 Linux Security
orca.security

Hackers breach Microsoft open source projects to inject credential stealing malware

🐧 Linux Security
4sysops.com

Ruby's Bundler adds a cooldown feature

💻 Programming
lwn.net

Eliminating long-lived credentials with trusted publishing

🐧 Linux Security
lwn.net

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

🐧 Linux Security
hackread.com
