Supply Chain Security

A collection of 12 posts

Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Typosquatting and dependency confusion are two common tactics used by hackers to exploit open-source package repositories. Understand how these attacks work and discover preventive measures to secure your infrastructure.

How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel

SaaS-Sentinel is a free monitoring platform that notifies users when their favorite tool might be under attack, helping them stay on top of supply chain risks. Here is the full story of this innovative project that seeks to democratize the use of honeytokens. Join the adventure today!

Supply Chain Security: Secrets and Modern Security Frameworks (Part III)

In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.

Supply Chain Security: What is SLSA? (Part I)

Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain security is headed.

Honeytokens - Protect Your Holy Grail

When protecting your SDLC, you must choose. But choose wisely. For as the True Grail will bring you life. The False Grail will take it from you.