Google’s open-source GUAC initiative will make information for securing the software supply chain readily available to everyone.

GUAC will allow developers, auditors, and risk management teams to evaluate risk in their codebases more easily.

What: Google is seeking contributors to a new open-source project it has launched, called Graph for Understanding Artifact Composition (GUAC). The goal of the effort, according to the company, is to democratize the availability of software build, […]

Newly disclosed vulnerability in PHP package repository highlights growing software supply chain risks

Key takeaway: Attackers are increasingly trying to infiltrate software development environments via malicious and poisoned packages on public code repositories. Robust SBOM and SCA practices are key to mitigating the threat. [289 words]

What: Researchers at SonarSource have disclosed a new vulnerability (CVE-2022-24828) in the PHP package repository Packagist that gives attackers a way to execute […]

