Hi/5: Minimum Viable Secure Product, Bandit, Sigstore and more
Description
Minimum Viable Secure Product
Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers.
How to Secure Python Web App Using Bandit
Bandit is a tool developed to locate and correct security problems in Python code. To do that Bandit analyzes every file, builds an AST from it, and runs suitable plugins to the AST nodes. Once Bandit has completed scanning all of the documents, it generates a report.
Explain Sigstore to me like I am five
Sigstore provides an easier way to seamlessly issue and validate signatures from constituent dependencies, including base images, all the way to the final deployed application artifact.
Threat Matrix for CI/CD Pipeline
This is an ATT&CK-like matrix focus on CI/CD Pipeline specific risk.
Malware Found in NPM Package with Millions of Weekly Downloads
A massively popular JavaScript library, UAParser.is (npm package), was modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner on systems where compromised versions were used.
SHOW LESS
United States
