Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And its got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell…
Don's Blog Technology run (almost) amuck
Tag: supply-chain
Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau
So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, its around…
Software supply chain risk management robots
It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz.…
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
- db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
- db on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagsi don't really understand what you are asking? the `protect` means that it can't be read.
- faizal on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagscan you let me know how to protect a tag and allow it only for a group instead of maintainer.
- db on You want to see something really random? Infinite entropy returnsI like the garage-built look!
db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
faizal on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagscan you let me know how to protect a tag and allow it only for a group instead of maintainer.
- Security of the upstream code, and, the importance of the egress firewall
- Static Application Security Testing (SAST) and Nodejs (with Gitlab CI)
- Suffering sisyphean security solutions: make your chrome part of the solution
- Safely secure secrets: a sops plugin for kustomize
- They got in via the logging! remote exploits and DDoS using the security logs
- Increasing the usefulness of your Kubernetes Ingress logging
- When your security tools cost more than the thing they protect
- Protect your API key (and your credit rating)
- The supply chain security risk in action: ESLint
- Have you set your security context recently?
Top