"A Study of Supply Chain Attack Case Studies and Countermeasures", presentation material from the 3rd 대충콘 seminar
Updated May 29, 2021
Red team tool that emulates the SolarWinds CI compromise attack vector.
Insert payload through the program set by -toolexec. Just a toy
GitHub Action to analyze Pull Requests for open-source supply chain issues
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
Scans popular packages and alerts in cases where there is suspicion of an account takeover
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Practical Cybersecurity Supply Chain Risk Management
Blockchain simulation demonstrating an idea for improving the cybersecurity of a supply chain.
Azure DevOps Server development system segmentation best practices
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in order to generate `in-toto` metadata which can be used with `apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible status.
Sharing software supply chain security open source projects
A Python application to add hashes to your requirements.txt
boostsecurityio/supply-chain-research
Docker and Kubernetes security steps to help you create, build, test, and run safer in containers
Aggregate view of all dependabot findings
A deliberately vulnerable repository against software supply chain attacks