Aqua Blog

Software Supply Chain Security

Gartner Report for SBOMs: Key Takeaways You Should Know


In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective …

Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?


Aqua’s Team Nautilus found a logical flaw in npm that let threat actors disguise a malicious package as legitimate and trick unsuspecting developers into installing it. Until recently, npm allowed anyone to be added as a maintainer of a package without notifying those users or obtaining their consent. Since you …

Software Supply Chain Security with Trivy: Generating SBOMs


Trivy is an easy-to-use, comprehensive open source scanner that helps developers gain visibility into the software components used in their applications. With the growing awareness about supply chain security, software bills of materials (SBOMs) have become the standard for creating software inventory lists. To …
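As an added example (not code from the post or from the Trivy project), here is a small Python script that reads a CycloneDX JSON SBOM, the format Trivy can emit with `trivy image --format cyclonedx --output sbom.cdx.json <image>` (check `trivy --help` for the flags your version supports), and runs the inventory checks a reviewer typically wants once the SBOM exists: a count of components per package ecosystem, a list of components that lack a version or a purl (the blind spots an SBOM is meant to remove, and exactly where proprietary code usually shows up), and package names that appear at more than one version. The embedded SBOM is constructed for illustration; its component names and versions are made up and it is not Trivy output.

```python
"""Inventory checks over a CycloneDX JSON SBOM (added example; sample data is constructed)."""
import json
from collections import Counter, defaultdict

# Constructed sample, shaped like a CycloneDX 1.4 JSON document. Not real Trivy output;
# the application, component names and versions are invented for this example.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application", "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "minimist", "version": "0.0.8", "purl": "pkg:npm/minimist@0.0.8"},
        {"type": "library", "name": "minimist", "version": "1.2.6", "purl": "pkg:npm/minimist@1.2.6"},
        # An in-house library: versioned, but no purl because it lives in no public ecosystem.
        {"type": "library", "name": "internal-auth-lib", "version": "2.3.0"},
        # A component the generator could not pin down at all.
        {"type": "library", "name": "mystery-dep"},
    ],
})


def load_components(sbom_json):
    """Parse a CycloneDX JSON document and return its top-level component list."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def purl_type(purl):
    """Extract the ecosystem from a purl (pkg:TYPE/namespace/name@version...), or 'unknown'."""
    if not purl or not purl.startswith("pkg:"):
        return "unknown"
    return purl[len("pkg:"):].split("/", 1)[0]


def inventory(components):
    """Count components per ecosystem; components without a purl are counted as 'unknown'."""
    return dict(Counter(purl_type(c.get("purl")) for c in components))


def find_gaps(components):
    """List (name, missing-fields) for components that lack a version or a purl.

    These are the entries that cannot be matched against vulnerability data or
    license inventories, so they need a human to resolve them.
    """
    gaps = []
    for c in components:
        missing = tuple(f for f in ("version", "purl") if not c.get(f))
        if missing:
            gaps.append((c.get("name", "<unnamed>"), missing))
    return gaps


def duplicate_names(components):
    """Map package name -> sorted versions for names present at more than one version."""
    versions = defaultdict(set)
    for c in components:
        if c.get("version"):
            versions[c["name"]].add(c["version"])
    return {name: sorted(v) for name, v in versions.items() if len(v) > 1}


def report(sbom_json):
    """Run all three checks and return them as one dict."""
    comps = load_components(sbom_json)
    return {
        "inventory": inventory(comps),
        "gaps": find_gaps(comps),
        "duplicates": duplicate_names(comps),
    }


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_SBOM), indent=2))
```

To run this on a real SBOM, replace `SAMPLE_SBOM` with the contents of the file Trivy wrote; the checks only rely on the `bomFormat`, `components[].name`, `version` and `purl` fields, which Trivy's CycloneDX output populates for packages it can identify.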

New npm Flaws Let Attackers Better Target Packages for Account Takeover


For the past few years, cybercriminals have been hijacking popular npm packages by taking over maintainers’ accounts. As part of our research at Team Nautilus, we discovered two flaws in the npm platform related to two-factor authentication (2FA). An attacker can use these flaws to target npm packages for account …

Software Supply Chain Security Threats: 2021 in Review


As CI/CD pipelines have become an increasingly popular attack vector, 2021 saw a huge rise in software supply chain attacks. Their number more than tripled in the past year, which makes securing the software delivery process one of the most urgent needs. In our latest study, we examine the top supply chain security …

