How to use “docker sbom” to index your Docker image packages

Software supply chain security has become a hot topic in the wake of high-profile dependency-based attacks. Producing an SBOM for your software artifacts can help you identify weaknesses and reduce the number of packages you rely on. A new Docker feature integrates support for SBOM generation in the docker CLI. This allows you to …

How to list installed packages in Linux

With thousands of free Linux apps, it’s easy to lose track of what you once installed but no longer use. Here’s how to list installed applications in the major Linux families. The app graveyard: the choice of free and open source applications available to Linux users is staggering. For …

Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), an initiative supported by the Linux Foundation, has released the first prototype version of its ‘Package Analysis’ tool, which aims to detect and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub was …

NPM flaw allows attackers to add anyone as a maintainer of malicious packages

A “logic flaw” in the npm registry allowed the authors of malicious packages to silently add anyone, and any number of users, as “maintainers” of their packages in an attempt to increase trust in those packages. The GitHub-owned repository of NodeJS components has now fixed the flaw after cloud-native security company Aqua responsibly reported …