Secure Registry now tells you which machine pulled a compromised package
Secure Registry now traces every npm and PyPI install back to the developer machine or CI pipeline behind it, so you can scope a compromised package in minutes.
Read the full article8d ago
You might also wanna read

Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys
Step Security·11h ago
.png)
Introducing Secret Exfiltration Protection for GitHub Actions
Step Security·1d ago
.png)
GitHub Secret Scanning Public Monitoring for Enterprises: Coverage and Gaps
Step Security·2d ago

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
Step Security·7d ago
.png)
StepSecurity Maintained Actions Are Now Free for Public Repos
Step Security·7d ago

Multiple @immobiliarelabs Backstage Plugins Compromised on npm
Step Security·8d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.