How a Security Team use Policy as Code for Open Source Security
This is a talk given at Accel Cyber Security Summit 2024 about securing the open source software supply chain using SafeDep vet. This talk highlights a case study of using policy as code for setting…
Read the full articleYou might also wanna read
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr

How open source C++ code can introduce security risks
This article explores how open source code introduces vulnerabilities into the software supply chain. It also highlights how you can identif

Enabling policy as code (PaC) with OPA and Rego
Learn how the Open Policy Agent (OPA) and its Rego rule language can be used to help streamline your policy as code (PaC) efforts in applica
DevSecOps tools for open source projects in JavaScript and Node.js
This post suggests some best practices, and discusses how maintainers and developers can adopt DevSecOps tools for open source projects to b

5 tips for using the Rego language for Open Policy Agent (OPA)
Rego code helps keep cloud resources secure. You can also use OPA and Rego languages to enable policy as code to automatically enforce coded

When software isn’t a “supply”
The following think piece, written by Snyk’s Open Source and Open Standards Strategy Director, Daniel Appelquist, examines the origin of the

Comments
Sign in to join the conversation.
No comments yet. Be the first.