DEV Community

# supplychainsecurity

Posts

The Codecov bash uploader is five years old, and the class of attack still lives in your pipeline
3 min read

Understanding Supply Chain Attacks: Practical Protection Strategies for Modern IT Infrastructures
6 min read

Perplexity Bumblebee Review: The Supply Chain Scanner Your Dev Machine Needs
11 min read

Design Trade-offs: Why Hermes (and Many Popular Agents) Don't Use LangChain / LangGraph
8 min read

Building CIS-Hardened, SBOM-Attested CentOS 9 Golden Images with Packer, QEMU and PingAccess - entirely on WSL2
6 min read

The Atomic Arch Supply Chain Attack: What 1,500 Compromised AUR Packages Mean for Cloud-Native CI/CD Security
4 min read

Miasma Worm: How Opening a Repo in Claude Code Became a Credential Theft Vector
9 min read

The Gemini CLI CVSS 10 Attack: How a GitHub Issue Became a Supply Chain Weapon
6 min read

Supply Chain Attacks: Protecting Against Malicious Dependencies in IT Operations
5 min read

Dependency Auditing at Scale: How to Automate Supply Chain Security with Dependabot and Snyk
8 min read

Socket: Secure Your JavaScript Supply Chain Against AI Threats
6 min read

What LucidShark Would Have Caught Before the TanStack Attack Landed
7 min read

Clinejection: When Your AI Coding Tool Became the Weapon
9 min read

Slopsquatting: The Attacker Playbook for AI-Hallucinated Package Names
10 min read

Signing Container Images with Cosign
15 min read