Unveiling 'poutine': An Open Source Build Pipelines security scanner
TL;DR BoostSecurity.io is thrilled to announce ‘poutine’ – an Open Source security scanner CLI you...
Opening Pandora’s box - Supply Chain Insider Threats in Open Source projects
TL;DR: Granting repository "Write" access in an Open Source project is a high-stakes decision. We...
The tale of a Supply Chain near-miss incident
TL;DR: We disclosed to Chainguard in December 2023 that one of their GitHub Actions workflow was...