HTTP client Axios compromised
@AWNetworks #Angriffsfläche #ArcticWolf #Axios #BuildTimeTool #Cybersecurity #Cybersicherheit #NPM #SBOM
netzpalaver.de/2026/...
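Japan's first SBOM management tool: AGEST announces version 2.0! #東京都 #文京区 #AGEST #ソフトウェア #SBOM
AGEST has released version 2.0 of "SBOM Archi", a purely domestically developed SBOM management tool. With strengthened security and new features, it addresses increasingly complex software environments.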
FedRAMP is moving faster than ever. With the new "FedRAMP 20x" initiative and the shift toward Rev 5, the days of manual spreadsheets and quarterly reviews are gone.
If you're managing co... https://anchore.com/fedramp/fedramp-overview/
#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT
Shift-left compliance checking ⬅️
Catch violations before deployment, not during audits 🛡️
https://anchore.com/platform/enforce/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance
False positives killing your team's productivity? 😵‍💫
Anchore Secure gives you signal, not noise 📡
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
FedRAMP compliance in weeks, not months ⚡
Ready-to-deploy policy packs for instant compliance feedback 📋
https://anchore.com/platform/enforce/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance
A supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including axios@1.14.1 and axios@0.30.4. buff.ly/DGx0GMx #sbom #security #npm #node
Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=diRrt9HJRZU #SBOM #Vulnerability
Anchore SBOM Score = CVSS + EPSS + KEV status 📊
Because not all vulnerabilities are created equal ⚠️
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
RE: https://social.anoxinon.de/@gnulinux/116289467985502963
On the GNU/Linux podcast I talk about software supply chains, SBOMs and much more in the context of Deutsche Bahn. So not just what that is, but how we can deal with it sensibly and what that has to do with engagement in […]
Supply chain attacks ↗️ 742% in 2023
Your traditional security stack wasn't built for this fight.
SBOM-first architecture changes everything ⚡
https://anchore.com/platform/
#SoftwareSupplyChain #SBOM #CyberSecurity
Ingesting thousands of third-party SBOMs is great…until you actually need to find one during an audit. 🔍 Anchore 5.25 adds advanced filters (Name, Version, Type) so your security teams can instantly pinpoint the exact assets th...
https://anchore.com/blog/anchore-enterprise-5-25/
#DevSecOps #SBOM
Zero-day investigations rely on historical SBOM data.
Will you be ready when threats require next-gen SBOMs you never collected?
Anchore Enterprise 5.20 = SPDX 3.0 storage now.
➡️ anchore.com/blog/anchore-enterprise-...
#SBOM #SupplyChainSecurity
Static scans leave gaps that zero-days love to fill. 🕳️
Join our webinar on April 8 to see how #DependencyTrack uses real-time #SBOM analysis to find hidden risks.
buff.ly/XroQRSD
We’re also at #DrupalConChicago Booth 200 all week, come chat security with us!
"Bring Your Own SBOM" sounds simple...
Until you try to manage thousands of them 📊
Scale is everything 📈
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Scale-out architecture for web-scale environments 📈
Because your containers don't wait for security scans ⏱️
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
The moar #CRA and #SBOM articles are getting out ... the moar people are getting scared ;)
craevidence.com/blog/how-to-...
Bitnami Secure Images now work seamlessly with @anchore.com's Grype for accurate CVE scanning.
Fewer false positives, clearer security posture, and simplified compliance for PhotonOS-based images.
Read more: blogs.vmware.com/tanzu/enhanc...
#security #containers #opensource #SBOM
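SBOMs are moving from "creating" to "using". The lifecycle advocated by CISA turns the bill of materials into a dynamic risk-management asset and automates operations.
・13 practical examples, including the use of SPDX
・Covers everything through to analysis and continuous monitoring
・Ensures transparency across the organization
#SBOM #サイバーセキュリティ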
Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=NerKh_Pv2Gc #SBOM #Vulnerability
Software usually consists of multiple dependencies.
The real question when new vulnerabilities appear is:
Is our software affected, and if so, which component?
An SBOM creates transparency here.
👉 vulndex.at/de/blog/sbom...
#SBOM #CyberSecurity #AppSec
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets socket.dev/blog/trivy-u...
If you use(d) aquasecurity/trivy-action please take action. #security #sbom
The IT-Planungsrat has adapted the #EVB-IT contracts so that #OpenSource becomes the standard for new software. #OpenCoDE is used as the central repository, and an #SBOM improves transparency and security. Public authorities can procure open-source software with legal certainty […]
Missed our Open Source stream? Catch the recording to hear about the latest Syft, Grype, and roadmap updates! https://www.youtube.com/watch?v=O5ewVqmClYo #SBOM #VulnerabilityScanning
SBOM-first isn't just a buzzword—it's the architecture that makes continuous security actually possible 🔄
Feel the difference ⚡
https://anchore.com/platform/
#SBOM #CRA #SoftwareSupplyChain #Compliance
Syft users! 📣 We want to hear from YOU! Take our quick 5-question survey to help shape the future of Syft. Your feedback is invaluable! 👉 https://forms.gle/VJZ7idKZgchminYD7
#Syft #SBOM #OpenSource
Tired of the "it passed on my machine" friction? 🤝 Devs and Security can finally look at the exact same data. Anchore 5.25 aligns AnchoreCTL & our enterprise backend with the same underlying libraries for perfect consistency.
https://anchore.com/blog/anchore-enterprise-5-25/
#DevSecOps #SBOM