SLSA

supply chain levels, software attestation, build provenance, SLSA framework

5 Software Supply Chain Security Best Practices for Development Teams

 📋SBOMs  Content type: Blog

Shai-Hulud Campaign Evolution: Miasma, Hades, and AI Scanner Evasion

 🤖Automation
malware.news·

Release Step CLI v0.30.7-rc1 (26-06-11) · smallstep/cli

 🔏Sigstore  Content type: Code
github.com·

CoSign: Jalen Ngonda’s Doctrine of Love Looks Back to Move Soul Forward

 🔏Sigstore
consequence.net·

Show HN: CI/lock – supply-chain attestation CLI, from the Witness creators

 🤖AI agents  Content type: Blog
cilock.dev··Hacker News

Less-relevant results

Release v1.84.8 · BerriAI/litellm

 🔏Sigstore  Content type: Code  Content type: Release
github.com·

Meet Hades: The malware that lies to AI security agents

 🤖Automation  Content type: News

Security updates for Thursday [LWN.net]

 🐧Linux
lwn.net·

Neelagiri65/equiv: Deterministic checker for behaviour-preserving code changes. Signed, re-runnable receipts; PR gate; single static binary.

 🔏Sigstore  Content type: Code

Modern Love, Goth God Cosigns, and More Takeaways From Olivia Rodrigo’s New Album

 🔏Sigstore  Content type: News

Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

 🤖Automation  Content type: Blog  5 articles covering this post

npm v12 delivers one of the biggest security improvements in years

 🧠AI  Content type: Blog
aikido.dev·

SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8

 🤖Automation  Content type: Blog
goteleport.com·

moby/moby client/v0.5.0-rc.1

 📋SBOMs  Content type: Code  Content type: Release
github.com·

George Clooney Cosigns Callum Turner as the Next James Bond: ‘The Perfect Guy’

 🔏Sigstore
usmagazine.com·

moby/moby api/v1.55.0-rc.1

 📋SBOMs  Content type: Code  Content type: Release
github.com·

For the 2nd time in weeks, Microsoft packages laced with credential stealer

 🤖AI agents  Content type: News  8 articles covering this post

Difference between revisions of "ELC 2026 Presentations"

 🐧Linux
elinux.org·

mmccalla/model-due-diligence: model-due-diligence is not a model safety verifier. It is a static evidence-gathering control for AI model supply-chain review. It supports provenance, artefact integrity, unsafe serialisation detection, secret exposure checks, suspicious code review, dependency risk detection, and audit reporting before first model execution.

 🤖Automation  Content type: Code
github.com··Hacker News

VEX demo update: adding Docker Scout attestations (and three new gotchas)

 🖼️Immich  Content type: Code
github.com··DEV
