Container‑Signierung mit Cosign: Sicherere Images für CI/CD & Kubernetes
Erfahren Sie, wie Sie mit Cosign Docker‑ und OCI‑Images signieren und verifizieren, um Supply‑Chain‑Angriffe zu verhindern – inkl. Praxis‑Beispiele.
Tag archive
Erfahren Sie, wie Sie mit Cosign Docker‑ und OCI‑Images signieren und verifizieren, um Supply‑Chain‑Angriffe zu verhindern – inkl. Praxis‑Beispiele.
84 malicious npm versions in 6 minutes: the 2026 TanStack trusted-publishing breach and the...
npm 12 shipped on 8 July 2026 with install scripts off by default: the CI fix Summary....

You know an offline AI model has not been swapped because its weights are cryptographically signed, the machine proves which file it loaded through a hardware attestation, and that load is recorded in
A retrospective on the January 2021 Codecov breach revisits how a single tampered line in the uploader turned tens of thousands of downstream CI environments into a secret exfiltration channel. The mechanism has not aged; the countermeasures are boring, and most pipelines still have not shipped them.
Erfahren Sie, wie Angreifer Lieferketten ausnutzen, welche realen Angriffe es gab und welche konkreten Schutzmaßnahmen Sie sofort umsetzen können.

Model poisoning and AI supply-chain attacks sit near the top of the 2026 risk list. We set out how fine-tuning on a sealed, provenance-tracked corpus, on hardware an organisation controls, lets it vou

Bumblebee scans npm, PyPI, Go, MCP configs, and editor extensions for compromised packages, all without running a single install script. Hands-on review.
Note: The Hermes repo contains no explicit statement saying "we don't use LangChain because…". This...
Most "golden image" pipelines assume a cloud builder or a beefy Linux box. This one runs end-to-end...
A practical 5-step framework for SBOM-driven risk management — automated generation, vulnerability correlation, context-aware scoring, and closed-loop

GuardFall shows 10 of 11 open source AI coding agents can be fooled by old Bash quirks, turning repos into attack surfaces.