Software Supply Chain

Introduction: Orca Security has recently identified a design flaw in the Google Cloud Build service, named "Bad.Build." This flaw poses a serious security risk, as it enables attackers to perform privilege escalation, granting them unauthorized entry into the code repositories in Google's Artifact Registry. The consequences of this vulnerability extend...

In today's digital landscape, the security of software applications has become a pressing concern for organisations across industries. In fact, according to an international survey among developers worldwide, 62% of them indicate that their organisations are actively evaluating use cases or have plans to implement DevSecOps. Implementing a robust,...

This complexity means numerous avenues exist for attackers, including open-source software repositories. According to GitHub, 85-97% of enterprise codebases come from open-source repositories. Npm and PyPI repositories have seen a 300% increase in attacks over the past four years. For example, IconBurst is a prime illustration of today's...