Software Supply Chain Tag

Introduction: Orca Security has recently identified a design flaw in Google Cloud Build service, named "Bad.Build." This flaw poses a serious security risk as it enables attackers to execute Privilege Escalation, granting them unauthorized entry into Google's Artifact Registry's code repositories. The consequences of this vulnerability extend...

This complexity means numerous avenues exist for attackers, including open-source software repositories. According to GitHub, 85-97% of enterprise codebases come from open-source repositories. npm and PyPI repositories have seen a 300% increase in attacks over the past four years. For example, IconBurst is a prime illustration of today's...

Continuous integration and continuous delivery (CI/CD) pipelines are the foundation of any software organization that builds software in a "modern" way. Automation provides great power, but most developers miss the responsibility it entails. Developer: Yeah, we take CI/CD security seriously and have strong control on code maintainers, review...