Do you use the tj-actions/changed-files #GitHub Action? A compromise over the weekend affected all tags. If you’re not pinning your #dependencies by hash, you’re at risk for these kinds of attacks. We recently wrote about strategies for managing your dependency pins: https://lnkd.in/gCASj4hw. For more on the incident: https://lnkd.in/dmmK5UvJ #CyberSecurity #SoftwareSupplyChain #SoftwareSupplyChainSecurity
About us
Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.
- Website
- https://kusari.dev
- Industry
- Software Development
- Company size
- 11-50 employees
- Headquarters
- Greater New York City
- Type
- Privately Held
- Founded
- 2022
Locations
- Primary: US, Greater New York City
Updates
-
Happy St. Patrick's Day! To celebrate and have some fun, we're kicking off the week with a #softwaresupplychain limerick:
A dev built an app, slick and grand,
But his #dependencies got out of hand.
A platform that blends,
No dev workflows to bend,
Kusari helped the org take a stand.
It pinpointed #threats in a flash,
No #CVEs slipped through the stash.
With tracking so tight,
And updates just right,
Production stayed secure—what a smash!
Come have more fun with us at #KubeCon EU in #London! Tuesday, April 1 is the #DevSecOnTheRocks party (be sure to RSVP!) + plenty of conversations and connections at the conference. See more here: https://lnkd.in/gmRSVwFM #SoftwareSupplyChainSecurity #DevSecOps #CyberSecurity #OpenSource #GUAC
-
-
Time to celebrate the world’s most delicious irrational number! Just like π never ends, #software security is an ongoing process. It’s a constant cycle of monitoring, auditing, and improving; not a one-and-done task. This #PiDay, make an appetizing commitment to infinite #security loops, #zerotrust principles, and a resilient #softwaresupplychain. Grab a three point, one fork and an #SBOM because whether it's pie or security, you always want to know what's inside. Oh, while you're eating... check out the next blog tracking the Whiskey Tasting Foundation's software supply chain security journey: https://lnkd.in/gs9vMb9v #seriouspidayhumor #cybersecurity #devsecops
-
-
Starting Your #SBOM Journey: Why & How to Begin
Software #security isn’t just about fixing vulnerabilities—it’s about visibility, transparency, and trust. That’s where data come in, and the most known format for that is a Software Bill of Materials (SBOMs). In our latest blog, we break down the fundamentals of SBOMs—what they are, why they matter, and how organizations can start generating them effectively.
Key takeaways:
SBOMs provide a detailed inventory of #software components, helping with security, #compliance, and #riskmanagement.
Producing an SBOM is the first step toward securing your #softwaresupplychain.
There’s no one-size-fits-all approach—adopting SBOMs is a journey that evolves with your security needs.
This is just the beginning! Watch for more of this series: we’ll explore the challenges, best practices, and real-world applications of SBOMs. Check out the full blog to start your journey: https://lnkd.in/giHVwJum #SBOM #SoftwareSecurity #CyberSecurity #SoftwareSupplyChainSecurity #OpenSource #OpenSourceSoftware #DevSecOps #CISO
-
Managing #software security can feel overwhelming. You know the data is there, but turning it into meaningful information is a real challenge. Enter Kusari's Timeline & List Views!
Timeline View – Get full #package history at a glance.
List Views – See all your software, active #vulnerabilities and #dependencies, #SBOM timestamps.
No more drowning in data—Kusari gives you the clarity to make smarter #security decisions. Check out the full deep dive: https://lnkd.in/gm9kKDzC #CyberSecurity #SoftwareSupplyChain #DevSecOps #VulnerabilityManagement #DependencyManagement
-
-
Get the hits from our March newsletter: The Kusari Edge.
AI risks & #softwaresupplychain concerns
Fed agencies rush to patch critical VMware #vulnerabilities
KubeCon EU – A party invite, talks, demos, & #GUAC plushies!
Kusari Score & Effort to Fix – smarter #softwaresupplychainsecurity
OSPS Baseline – boost your open-source #security
Read and subscribe: https://lnkd.in/gXddAGMp #CyberSecurity #KubeConEU #OpenSource #OpenSourceSecurity OpenSSF Cloud Native Computing Foundation (CNCF)
-
-
You're Invited! #DevSecOnTheRocks at #KubeConEU! Get ready for THE party where #security meets good vibes! Deep into #DevSecOps, love great convos—this is IT!
Tech, security, & chill
Groovin' tunes & great company
Drinks & DevSecOps debates
Tuesday, April 1 at 6pm > Good Hotel London, near the Excel
Hosted by Kusari, ControlPlane, Cloudsmith and Spacelift
More info here: https://lnkd.in/gmRSVwFM #SoftwareSupplyChain #DevOps #SecOps #OpenSource #OpenSourceSoftware #OpenSourceSecurity #CyberSecurity
-
-
Supporting Open Source Projects & Their Maintainers
Open source #software powers so much of our digital world, and maintainers carry many of the responsibilities—including when it comes to #security. The OpenSSF stepped up with a new baseline to help secure #opensource projects, offering much-needed guidance & support. To all the #maintainers out there: We see you. We appreciate you. Your work is invaluable, and better security shouldn’t be a burden you carry alone. Read more about this initiative & how it can help: https://lnkd.in/gdFfgDVj Have questions? Want to get involved? Reach out to Open Source Project Security Baseline (OSPS Baseline) co-maintainer Ben Cotton. #CyberSecurity #SoftwareDevelopment #ThankYouMaintainers
-
Applications rely heavily on third-party dependencies. #Security teams are constantly flooded with new #vulnerabilities. But, not every issue demands the same level of urgency. With a long list of security alerts, how do you decide what to fix first? #CyberSecurity #SupplyChainSecurity #DevSecOps #VulnerabilityManagement #RiskPrioritization #CISO #Engineering
-
Dependencies are the backbone of modern #software development, but managing them? That’s where the real challenge begins. Answer our poll: What’s the most frustrating part for you? Each of these can derail projects, introduce #security #risk, and consume valuable time from #developers. Drop more of your thoughts below! How do you address these for your projects? #SoftwareDevelopment #CISO #DevSecOps #Engineering #DependencyManagement #SoftwareSupplyChain