We're honored to be featured in Omdiaβs latest report spotlighting the leaders in firmware & #SoftwareSupplyChainSecurity π
Read the full report to explore what sets us apart π https://omdia.tech.informa.com/om129716/omdia-market-radar-firmware-and-software-supply-chain-security-2025
#ProductSecurity #SBOM #IoTSecurity #FirmwareSecurity #Omdia
Until these tools learn how to properly trust sources, check them yourself, and ensure their trustworthiness before using them.
I'm wondering if some kind of trust ecosystem could work here, though? It wouldn't be hard for the AIs to verify digital signatures, right?
#supplychainsecurity #supplychainattack #LLMs #factchecking #softwaresupplychain #SoftwareSupplyChainSecurity #ai #packagemanagement #weboftrust #factchecking #digitalsignatures
Here's your one-stop shop for this week's #AIagent news, this time in #softwaresupplychainsecurity.
Finite State is heading to #RSAC2025 π
The team will be in the AppSec village, discussing the latest in software supply chain security, & sharing insights on #SBOMs, vuln management, & compliance.
Attending? Drop by and say hi! π
#NPM: Two malicious packages were discovered on npm (#NodeJS package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor:
#SoftwareSupplyChainSecurity
π
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
"Another wakeup call:" A #softwaresupplychain attack on a widely used GitHub Actions repository renews experts' calls for better #buildpipeline security. #CICD #softwaresupplychainsecurity #GitHubActions https://www.techtarget.com/searchitoperations/news/366621078/GitHub-Actions-supply-chain-attack-spotlights-CI-CD-risks
#PyPI: 20 Malicious Python PyPI Packages Stole Cloud Tokens - Over 14,100 Downloads Before Removal:
#SoftwareSupplyChainSecurity
π
https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html
β οΈ#GitHub: Critical security incident involving the popular tj-actions/changed-files GitHub Action which contained credentials/secrets exfiltration malware! β£οΈ (CVE-2025-30066)
#SoftwareSupplyChainSecurity
#tjactions
π
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
Complex SBOM integration? Anchore Enterprise makes it effortless with automation, compliance, and developer-friendly tools.
Read our blog: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/
Secure your software supply chain effortlessly. Anchore Enterprise streamlines SBOM analysis with easy integration and robust automation.
Dive in: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/
Simplify your SBOM analysis with Anchore Enterprise! Automate security checks & integrate seamlessly with CI/CD pipelines.
Learn more: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/
An exclusive hot off the press from yours truly: Zero-CVE #chainguard Images gain customization option #softwaresupplychainsecurity https://www.techtarget.com/searchitoperations/news/366619280/Zero-CVE-Chainguard-Images-gain-customization-option
π Is your organization prepared for DORA compliance?
Learn how SBOMs and Anchore Enterprise make proactive risk management and supply chain security easier.
Ready to secure your software supply chain? Our free ebook, SBOM 101, covers everything from SBOM fundamentals to integration in DevSecOps pipelines. Explore, learn, and contribute today:
π https://anchore.com/blog/sboms-101-a-free-open-source-ebook-for-the-devsecops-community/
π Curious about DORA and how it reshapes software supply chain security?
Find out how SBOMs are the cornerstone of compliance for financial institutions: https://anchore.com/blog/dora-overview/
SBOM sprawl blocking your security gains? Discover how to centralize and operationalize SBOMs for faster zero-day response and better compliance.
Read more: https://anchore.com/blog/sbom-management-how-to-tackle-sprawl-and-secure-your-supply-chain/
Now on AWS Marketplace: @anchore Enterprise! π Streamline your #DevSecOps with advanced container scanning and policy enforcement. More info: https://aws.amazon.com/marketplace/pp/prodview-ilkug4gdyavdq?sr=0-1&ref_=beagle&applicationId=AWSMPContessa #ContainerSecurity #SoftwareSupplyChainSecurity
Fighting SBOM sprawl? Discover how to store, enrich & query SBOMs effortlessly. Our new blog breaks down the essentials of SBOMOps + a peek at Anchore Enterprise.
Read on: https://anchore.com/blog/sbom-management-how-to-tackle-sprawl-and-secure-your-supply-chain/
π Announcing SBOM 101 β a free, open-source ebook for developers, security engineers, & the DevSecOps community! Master SBOM best practices and secure your software supply chain.
π https://anchore.com/blog/sboms-101-a-free-open-source-ebook-for-the-devsecops-community/
Gartnerβs "Leaderβs Guide to Software Supply Chain Security" breaks down a proven framework to help organizations strengthen security across the supply chain. Download your free copy today: π
