Software releases are the backbone of open source security. That’s why the ASF Tooling team built Apache Trusted Releases (ATR) — a platform that adds automation, compliance checks, and traceability to project releases. Stronger, more secure ASF projects for everyone. 🔗 https://buff.ly/LjurmXB #SoftwareSupplyChain #OpenSourceSecurity #opensource
The Apache Software Foundation’s Post
More Relevant Posts
The Shai-Hulud threat exposed hundreds of malicious npm packages silently harvesting developer credentials. Learn how to safeguard your software supply chain and protect critical data >>> https://lnkd.in/e4MjUaPS
#Security and #compliance no longer have to operate in silos > The new JFrog + GitHub integration merges source #SBOMs and binary SBOMs into a single Dependency Graph, giving teams complete visibility across the software lifecycle. You can now: 🔒 Consolidate vulnerabilities from GitHub and JFrog Advanced Security in one place 🧩 Automate policy enforcement and evidence collection ⚡ Eliminate duplicate alerts and false positives Learn how unified visibility helps you stay compliant and release faster: https://bit.ly/4qbPohR
Finally, true end-to-end security visibility! 🤝 The new JFrog + GitHub integration eliminates security silos by merging source and binary #SBOMs into one Dependency Graph. This gives your teams complete control over the software lifecycle, from code commit to delivery. Stop chasing duplicate alerts and automate #compliance! Learn how to release faster and safer: [Link to post] #Security #DevSecOps
Remote Code Execution in GitLab: The Tale of a Rogue 'GitHub Import'. A critical vulnerability, Remote Code Execution (RCE), was discovered in the 'Import from GitHub' feature of GitLab CE/EE versions up to certain 15.x releases. This flaw enabled attackers to execute arbitrary commands on targeted servers due to unsafe deserialization of user-supplied data. The vulnerability was reported via HackerOne (#1679624) with a CVE ID of CVE-2022-2992. The severity was classified as critical. Developers and security professionals should be mindful of external data sources when implementing import features. https://lnkd.in/ea9BkrQp
Kubernetes community update The Ingress-NGINX project is officially being retired, with the Gateway API now recommended for traffic management. If your clusters still rely on Ingress-NGINX, it is advisable to start planning a migration to a supported ingress controller or the Gateway API. Please note that there will be no further bug fixes or security patches after March 2026. However, existing Ingress-NGINX deployments will continue to operate, and the current installation artifacts will remain available for use. For more details, visit: https://lnkd.in/gwGpzBn4
The SUSE Rancher Security team has issued a critical advisory addressing a command injection and buffer overflow vulnerability in NeuVector, the company’s full lifecycle container security platform. Tracked as CVE-2025-54469, the flaw carries the maximum CVSS score of 10.0, reflecting the potential for remote code execution and complete container compromise if exploited.
This guide provides step-by-step instructions for upgrading your system to support TLS 1.3 (Transport Layer Security version 1.3) for secure API communications with SMS Gateway Center. Official API Endpoint: https://lnkd.in/eYJrz5h3...
⚠️ Medium Risk Alert: Jenkins Curseforge Publisher Plugin is vulnerable to API Key exposure. The plugin stores API Keys unencrypted in job config.xml files, which can be viewed by users with certain permissions or access to the Jenkins controller file system. This is a clear example of why API security is crucial. Always remember to encrypt sensitive data and restrict access to it. #Jenkins #APIsecurity #OWASP #CryptographyFailures #SecurityMisconfiguration https://lnkd.in/eMVqjxwh
Two new entries in the 2025 version of the OWASP Top 10: "Mishandling of Exceptional Conditions" & "Software Supply Chain Failures." Waratek provides coverage for all of the OWASP categories (including the troublesome insecure deserialization). https://hubs.la/Q03T5rk_0
Completed an end-to-end pentest on three lab VMs — exploitation → escalation → remediation. Summary: Used Nmap, Metasploit, linPEAS and manual enumeration. Highlights: Tomcat file-upload → root (FreshCopy), URL command injection attempts (Hunted), and FTP→mail→RDP escalation (Master). Each VM includes PoC, commands and recommended fixes. Key takeaway: Remediation must cover code, config and credentials — fixing one layer isn’t enough. File: attaching full pentest report. If you want the PoC commands or remediation checklist, drop a comment. #pentesting #redteam #infosec #vulnerabilitymanagement #ethicalhacking