Tag: Repository
-
GitHub Restores Access to XZ Utils Repository
A week after finding a malicious backdoor, GitHub has safely restored access to the XZ Utils repo for developers …
-
OpenSSF and CISA partner on Principles for Package Repository Security
According to the OpenSSF, package repositories are a critical point in the open source ecosystem for either allowing or preventing attacks. …
-
Presentation: Implementing OSSF Scorecards Across an Organization
Transcript Swan: Welcome to implementing OpenSSF Scorecards across the …
-
OpenSSF Launches Malicious Packages Repository
The repository has already amassed over 15,000 reports of malicious packages, drawing data from various sources, including the OpenSSF …
-
GitHub Repository Rules are now generally available
Protected branches have been around for a while, and we’ve made numerous improvements over time. We’ve added new rules to protect …
-
PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
The Python Package Index (PyPI) maintainers have temporarily disabled the sign up and package upload processes due to an ongoing attack. …
-
PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have …
-
Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised
PHP software package repository Packagist revealed that an “attacker” gained access to four inactive accounts on the platform to hijack …
-
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that …
-
Open Source Repository Attacks Soar 700% in Three Years
The volume of malicious activity targeting upstream open source code repositories has hit triple-digit growth over the past three years, …
-
ActiveState Artifact Repository reduces the risk of securing Python supply chain
ActiveState releases ActiveState Artifact Repository to enable organizations to securely build Python dependencies directly from source …
-
PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials …