Showing all posts by Noam Dotan
OpenSSF SCM Best Practices Guide Released With Contributions From Legitify
Explore the collaborative effort by OpenSSF and leading security vendors in the release of the SCM Best Practices Guide.
LastPass Software Supply Chain Attack: What Happened and Tips to Protect Against Similar Attacks
LastPass disclosed that an unauthorized party had gained access to portions of the LastPass developer environment. An attacker gained access to developer account credentials and used them to exfiltrate portions of their proprietary source code.
Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks
We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.