BoostSecurity News, Press & Events

Posts by BoostSecurity.io

Stop Letting AI Ship Time Bombs: Poutine MCP for CI/CD

Now generally available in our first major release: v1.0.

In our last post, we released the BoostSecurity Safe Package MCP server: a lightweight guardrail that lets coding agents check dependency safety before they install anything. That helps stop typosquats, malware-laced releases, and risky, unmaintained packages from ever reaching your machine.

Today, we’re taking the next step in developer supply-chain defense:

Meet the Poutine MCP Server

Poutine brings Model Context Protocol (MCP) superpowers to your editor/agent so it can analyze repos and build pipelines on demand, spot dangerous CI/CD coding patterns, and validate newly generated pipelines, all inline while you code.


SLSA dip — At the Source of the problem!

This article is part of a series about the security of the software supply chain. Each article analyzes one component of the Supply-chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
