Lmst

When using open source software, YOU become the security supplier.

Discover how SCA scanning helps manage this responsibility and protect your applications from vulnerabilities like Log4j and XZ Utils: https://anchore.com/software-supply-chain-security/software-composition-analysis/

With up to 90% of applications built on open source code, SCA tools are no longer optional—they're essential.

Learn how Software Composition Analysis protects your organization from supply chain vulnerabilities: https://anchore.com/software-supply-chain-security/software-composition-analysis/

Your CI/CD pipeline is vulnerable, but it's not your fault - Elad Pticha, Oreen Livni

⚠️ Beware of "alert fatigue" in your security processes!

Learn why integrating #SoftwareCompositionAnalysis in your CI/CD pipeline is crucial for safeguarding your software from vulnerabilities: https://bit.ly/3LnT6Ci

#InfoQ article by Lukáš Křečan

Log4Shell, a critical vulnerability discovered in December 2021 and officially tracked as CVE-2021-44228, has had a long-lasting impact, prompting enterprises to adopt software composition analysis and secure supply chain management practices. Despite receiving patches and widespread attention, it remains a common cause for security breaches a year later. https://www.csoonline.com/article/3684108/log4shell-remains-a-big-threat-and-a-common-cause-for-security-breaches.html#tk.rss_all #Log4Shell #CVE2021-44228 #SoftwareCompositionAnalysis #SecureSupplyChainManagement

"Invisible npm malware – evading security checks with crafted versions" by Or Peles, JFrog Vulnerability Research Team Leader

#SoftwareCompositionAnalysis