Search: [supply-chain-integrity] - bookmarks.sysop.cafe

Open Source Insights is an experimental service by Google to better understand the dependencies of open-source software packages. Currently, supported are Cargo (Rust), Go's module system, Maven (Java), and npm (Node.js).

google · supply-chain-integrity

June 6, 2021 at 23:25:39 GMT+2 * · permalink

·

https://deps.dev/

·

Software Supply Chain Best Practices

supply-chain-security · supply-chain-integrity · cncf

May 16, 2021 at 22:14:24 GMT+2 * · permalink

·

https://raw.githubusercontent.com/cncf/tag-security/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf

·

Catalog of Supply Chain Compromises

supply-chain-integrity · supply-chain-security · cncf

May 16, 2021 at 22:13:10 GMT+2 * · permalink

·

https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises

·

CocoaPods Trunk: Remote Code Execution Found

The vulnerability that allowed the execution of arbitrary shell commands on the trunk server was introduced six years ago.

supply-chain-integrity · rce · macos

April 25, 2021 at 22:47:29 GMT+2 * · permalink

·

https://blog.cocoapods.org/CocoaPods-Trunk-RCE/

·

Lenovo is Using AMD PSB to Vendor Lock AMD CPUs

Article how with AMD PSB enabled, CPUs are locked to a vendor ecosystem.

lenovo · amd · hardware · vendor-lock · hardware-security · amd-epyc · supply-chain-integrity

April 11, 2021 at 23:53:12 GMT+2 * · permalink

·

https://www.servethehome.com/lenovo-is-using-amd-psb-to-vendor-lock-amd-cpus/

·

Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity

This post introduces sigstore, a Linux Foundation project that aims to improve open-source software supply chain integrity and verification.

code-signing · security · supply-chain-integrity

March 14, 2021 at 21:29:10 GMT+1 * · permalink

·

https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html

·