DEEP DIVE: IBM and Red Hat launched Project Lightwell backed by $5B and Anthropic's Mythos AI model, which flagged 23,000 potential vulnerabilities across 1,000+ open source projects. Here's what the numbers actually mean and what to do before the disclosures land.
HOT TAKE: Over 160 npm packages were backdoored with valid SLSA Build Level 3 attestations. The trust model for GitHub Actions is broken -- here is what to fix.
BRIEF: Debian 14 is the first distro to hard-gate on reproducible builds. 414 packages are currently blocked from testing. What this means for maintainers and downstream users.
BRIEF: Trivy 0.70.0 is the first release after the March supply chain incident. New features landed, but the rotated GPG key for deb/rpm will silently break CI.