Driven by cyberattacks and new regulations, software supply chain security is a top concern that requires robust software identification. The post “Why we need better software identification” appeared first on Software Heritage. | Software Heritage
Okay, people, brace yourselves. We’ve officially entered the era where your automated systems are actively trying to steal your lunch money. It started subtly, a little hiccup in the matrix. But now? Now it’s a full-blown supply chain meltdown, and it all started with a seemingly innocuous GitHub Action called “tj-actions/changed-files.” Initially, it looked like […] The post “The CI/CD Apocalypse: When Your Automated Builds Betray You” appeared first on Poly Plugins. | Poly Plugins
In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge and released a paper on cloud native edge computing security threat analysis and protection. Based on the security threat model and audit suggestions, the community consistently strengthens the KubeEdge software supply chain. Now, we are excited to announce that KubeEdge v1.13.0 (including both binary and container image artifacts), released on January 18, 2023, achieves SLSA 3 compliance, first of its kin... | KubeEdge Blog