A blog with Demo to show how Ortelius creates an application level SBOM, showing the microservice lower level data as well.
-
Consider supply-chain security explicitly. For example: https://github.blog/2022-04-07-slsa-3-compliance-with-github-actions/
- https://slsa.dev/
- https://www.openchainproject.org/get-started/confor…
-
- [ ] use [Harden Runner](https://github.com/step-security/harden-runner) in all GH workflows
- [ ] use hashes instead of versions in GH workflows
- [ ] add [OpenSSF Scorecard](https://github.com/os…
alpe updated
10 months ago
-
We have roughly 1000 dependencies in the Serai node, all of which we have to be sure of.
One of the main things I want to prioritize is reduction of that amount of dependencies, primarily via reductio…
-
# NPM Supply Chain Attack Vulnerability
## Overview (TL/DR)
With an internet-based election protocol, election tampering can be done at scale.
A Node.js/JavaScript library supply chain attack …
-
## Description
The PURIS Mini-App was initially released with standards including ItemStock, DemandExchange, ProductionOutput, and DeliveryInformation. This feature finalizes the Supply Chain Disrupti…
-
The docs don't explain what kinds of supply chain attacks we are worried about, what we are doing to mitigate them, what risks we need to assume, etc.
There are also many ways to approach this proble…
-
Resources still being drained from planet feeding another planet after Cult flipped it and supply chain was broken/removed.
-
As we provided a proposal on building AI-powered chain of thoughts that will be available on the ghdog web application, ghdog will get:
- AI powered web app
- Connected with Git(Hub)
- You'll have to hol…