News
GitHub has introduced Artifact Attestations, a software signing and verification feature based on Sigstore that protects the integrity of software builds in GitHub Actions workflows.
Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control." ...
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
Attacks on open-source and commercial software will continue to rise in 2023, says a new security vendor report on the software supply chain. However, the authors of the report also believe that ...
The "Omega" side of the project turns to the long-tail of software supply chain security, using automation and tooling to identify critical security vulnerabilities across a range of 10,000 widely ...
Software supply chain attacks are difficult to mitigate and carry a high cost. IBM’s Cost of a Data Breach Report 2023 found that the average cost of a software supply chain compromise was $4.63 ...
Software supply chain security, then, is all about verifying the authenticity and integrity of everything that goes into creating software in a way that is verifiable by consumers.
In order for organizations that use third-party software to have a way to ensure their safety, attestation as to the security of your software supply chain could become a contractual requirement ...