Why The US Government Is Mandating Software Bill Of Materials (SBOM)

Dana Crane | Last Updated: September 29, 2022 | Tags: CycloneDX, SBOM, Software bill of materials, Software Identification tag, Software Package Data Exchange, SPDX, SWID

The US Government now requires vendors selling software to federal agencies to be able to provide an SBOM. Learn how to auto-generate SBOMs for your software.

PyTorch Foundation: Everything You Need To Know

Dana Crane | Last Updated: September 22, 2022 | Tags: Facebook, Meta, PyTorch, PyTorch Foundation, tensorflow, TorchScript

PyTorch has found a new home with the Linux Foundation. Learn what it means going forward for your machine learning projects.

Python Artifact Repositories

Dana Crane | Last Updated: September 8, 2022 | Tags: ActiveState Artifact Repository, artifact repository, curated Python catalog, Python Artifact Repository, supply chain security

Learn how to enable Dev and DevOps teams with secure, easily updatable Python wheels distributed via the ActiveState Artifact Repository.

Python Packages Execute Malicious Code Automatically

Dana Crane | Last Updated: September 2, 2022 | Tags: python malware, Python supply chain security, setup.py, software supply chain security

Both pip install and pip download can run arbitrary code from a package's setup.py, so either one can compromise your system with malware. Learn how you can counter this software supply chain threat.

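As an added example for this listing (not code from the linked post, ActiveState, or pip), the script below does a static triage of an sdist's setup.py for the constructs an install-time payload typically relies on: shell and subprocess calls, base64 decoding, network and FFI access, dynamic code execution, and a custom `cmdclass` that hooks the install step. The watchlist of calls and the two sample setup.py bodies are constructed for this example and are not signatures from any real package.

```python
"""Static triage of an sdist's setup.py before pip ever builds it.

pip executes setup.py (or the PEP 517 build backend) whenever it must build an
sdist, which happens during both `pip install` and `pip download`. This added
example parses setup.py with `ast` and flags the constructs a malicious
setup.py typically uses, so a reviewer can look before the build step runs.
The watchlist is an assumption for the example, not an exhaustive signature set.
"""
import ast
import io
import tarfile

# (module, function) pairs that have no business in an ordinary setup.py (assumed watchlist).
SUSPICIOUS_CALLS = {
    ("os", "system"), ("os", "popen"), ("subprocess", "Popen"), ("subprocess", "run"),
    ("subprocess", "call"), ("subprocess", "check_output"), ("base64", "b64decode"),
    ("urllib.request", "urlopen"), ("requests", "get"), ("socket", "socket"), ("ctypes", "CDLL"),
}
SUSPICIOUS_BUILTINS = {"exec", "eval", "compile", "__import__"}


def _dotted_name(node):
    """Return 'a.b.c' for a chain of Attribute nodes ending in a Name, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source: str) -> list:
    """Return a list of findings {line, kind, detail} for one setup.py body."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [{"line": exc.lineno or 0, "kind": "unparseable", "detail": str(exc)}]

    # Map local names back to the module they were imported from (handles `import os as o`).
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"

    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name is None:
                continue
            if name in SUSPICIOUS_BUILTINS:
                findings.append({"line": node.lineno, "kind": "builtin", "detail": name})
                continue
            head, _, rest = name.partition(".")
            resolved = aliases.get(head, head) + ("." + rest if rest else "")
            mod, _, func = resolved.rpartition(".")
            if (mod, func) in SUSPICIOUS_CALLS:
                findings.append({"line": node.lineno, "kind": "call", "detail": resolved})
        elif isinstance(node, ast.keyword) and node.arg == "cmdclass":
            # A cmdclass override replaces the install/egg_info command itself.
            findings.append({"line": getattr(node, "lineno", 0), "kind": "cmdclass",
                             "detail": "custom setuptools command class"})
    return findings


def build_sdist(pkg_dir: str, setup_source: str) -> bytes:
    """Build an in-memory .tar.gz containing only <pkg_dir>/setup.py (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = setup_source.encode()
        info = tarfile.TarInfo(name=f"{pkg_dir}/setup.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_sdist(archive: bytes) -> list:
    """Locate the top-level <pkg>/setup.py inside an sdist tarball and scan it."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if len(parts) == 2 and parts[1] == "setup.py" and member.isfile():
                return scan_setup_py(tar.extractfile(member).read().decode("utf-8", "replace"))
    return []  # No setup.py: pyproject-only build; the build backend still runs, review it separately.


# Constructed sample setup.py bodies for the example (not from any real package).
MALICIOUS_SETUP = '''
import base64, os as o
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        o.system(base64.b64decode(b"ZWNobyBwd25lZA==").decode())  # runs at install time
        install.run(self)

setup(name="totally-fine", version="0.0.1", cmdclass={"install": PostInstall})
'''

BENIGN_SETUP = '''
from setuptools import setup, find_packages
setup(name="fine", version="1.0", packages=find_packages())
'''

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        for f in scan_sdist(build_sdist("pkg-0.0.1", src)):
            print(f"{label}: line {f['line']}: {f['kind']} {f['detail']}")
```

Run it against an sdist archive obtained without letting pip build it, since `pip download` itself prepares metadata from sdists and so already executes setup.py; installing with `--only-binary=:all:` sidesteps the build entirely for packages that ship wheels. A clean scan is not proof of safety (obfuscation and pyproject-based backends are outside what this checks), but a hit is a reason to stop and read the file.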
Securing the Ruby Software Supply Chain

Dana Crane | Last Updated: August 25, 2022 | Tags: dependency confusion, ruby, ruby programming language, rubygems, secure build service, supply chain security, typosquatting

Securing your Ruby software supply chain from end to end means implementing import, build and usage controls. Learn how.

How to Manage Programming Language Upgrades and EOL

Dana Crane | Last Updated: August 11, 2022 | Tags: End of Life, EOL, EOL support, Open source programming languages, Programming language upgrades

Learn how to reduce the costs of upgrading open source languages, as well as best practices when a programming language becomes EOL.

GitHub Flooded with Malware

Dana Crane | Last Updated: August 8, 2022 | Tags: dependency confusion, github, malware, supply chain security, typosquatting

GitHub has become the weakest link in the software supply chain. Learn what you can do about it.

How to Prevent Dependency Confusion

Dana Crane | Last Updated: July 21, 2022 | Tags: dependency confusion, dependency vendoring, secure build service, supply chain security

Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks.

How to De-risk Unavailable Software Dependencies – Lessons Learned

Dana Crane | Last Updated: July 14, 2022 | Tags: atomicwrites, dependency vendoring, leftpad, pypi, software dependency availability, supply chain security

Learn how to prevent broken software when an open source dependency you rely on disappears from its public repository.

How Reproducible Builds Foster Security

Dana Crane | Last Updated: July 7, 2022 | Tags: reproducible builds, SLSA, Supply-chain Levels for Software Artifacts, supply chain security

Reproducible builds are key to security, but expensive to set up and maintain. Learn how to get secure reproducible builds without the costs.
