The Software Extinction Event That Wasn't

Note: This blog post was previously published on DevOps.com. Imagine if the world's most pervasive programming language, used in the majority of organizations, services, websites and infrastructure today, was itself made to be malicious? Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container… due to the popularity of …

PyPI Leaked Token in Binary

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

The JFrog Security Research team has recently discovered and reported an access token with administrator access to the Python, PyPI and Python Software Foundation GitHub repositories, leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, …
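The scanning the excerpt describes has to look inside binaries, not just text files, because a token compiled into an artifact is invisible to a text-only grep. The example below is added here and is not JFrog's scanner: it builds a constructed stand-in for `docker save` output (an outer tar whose members include per-layer tar archives), plants a fabricated GitHub classic token inside a binary blob in one layer, and scans every regular file of every layer as raw bytes. The only format fact it relies on is that classic GitHub personal access tokens are `ghp_` followed by 36 base62 characters; all paths, layer names and the token itself are made up.

```python
import io
import re
import tarfile

# GitHub classic personal access tokens: "ghp_" + 36 base62 characters.
# Compiled as a bytes pattern so it matches inside binaries, not only text.
GITHUB_PAT = re.compile(rb"ghp_[A-Za-z0-9]{36}")


def _tar_bytes(files):
    """Build an in-memory tar archive from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed stand-in for `docker save` output. The token is fabricated
    and the layer digests/paths are placeholders, not real image content."""
    fake_token = b"ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"
    # Binary blob: the token sits between non-UTF-8 bytes, as it would inside
    # a compiled artifact, so a decoder-based text scan would choke on it.
    binary_blob = b"\x00\xff\x8a\x01" + fake_token + b"\x00\x9c\xde"
    layer_a = _tar_bytes({
        "app/build/__pycache__/build.cpython-311.pyc": binary_blob,
        "app/README.md": b"no secrets here\n",
    })
    layer_b = _tar_bytes({"etc/motd": b"welcome\n"})
    return _tar_bytes({
        "aaaa/layer.tar": layer_a,
        "bbbb/layer.tar": layer_b,
        "manifest.json": b"[]",
    })


def redact(token):
    """Keep enough of the token to triage the hit without re-leaking it."""
    return token[:8] + "..." + token[-4:]


def scan_image(image_bytes):
    """Return [(layer_member, file_path, redacted_token)] for every
    PAT-shaped byte string found in any regular file of any layer."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r") as outer:
        for member in outer.getmembers():
            if not member.isfile() or not member.name.endswith(".tar"):
                continue  # manifest/config JSON, not a layer archive
            layer_data = outer.extractfile(member).read()
            with tarfile.open(fileobj=io.BytesIO(layer_data), mode="r") as layer:
                for entry in layer.getmembers():
                    if not entry.isfile():
                        continue
                    data = layer.extractfile(entry).read()  # raw bytes, no decoding
                    for match in GITHUB_PAT.finditer(data):
                        token = match.group().decode("ascii")
                        hits.append((member.name, entry.name, redact(token)))
    return hits


if __name__ == "__main__":
    for layer, path, token in scan_image(build_sample_image()):
        print(f"{layer}: {path}: {token}")
```

A real scanner would add more token families, a verification step (e.g. an API call that confirms the token is live and what it can reach) before raising an alert, and streaming reads for large layers; the point here is that the match runs over bytes of every file, so a `.pyc`, a stripped ELF or a JAR entry is covered the same as a `.env` file.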

Contextual Analysis for Python, Java, and JavaScript with JFrog Frogbot

Contextual Analysis for Python, Java, and JavaScript Projects with JFrog Frogbot

When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don't affect their artifacts at all. Vulnerability Contextual Analysis uses the artifact context to eliminate …
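The core idea of contextual analysis is that a CVE in a dependency only matters if the vulnerable code path is reachable from the artifact. The following is an added illustration of that idea, written for this page and not Frogbot's implementation: it walks a project's Python source with the `ast` module, records which dependency symbols are actually called (through `import pkg` and `from pkg import sym as alias` forms), and marks each scanner finding as applicable only if its vulnerable symbol is on that list. The package names, finding identifiers and project files are all constructed.

```python
import ast

# Constructed scanner output: each finding names the package and the symbol
# whose use the vulnerability requires. Packages and IDs are hypothetical.
FINDINGS = [
    {"id": "FINDING-A", "package": "vulnlib", "symbol": "unsafe_parse"},
    {"id": "FINDING-B", "package": "otherlib", "symbol": "render"},
    {"id": "FINDING-C", "package": "otherlib", "symbol": "escape"},
]

# Constructed project: both packages are installed, but only some symbols
# are ever called, and one is called through an import alias.
PROJECT_SOURCES = {
    "app/main.py": (
        "import vulnlib\n"
        "import otherlib\n"
        "\n"
        "def handle(payload):\n"
        "    data = vulnlib.unsafe_parse(payload)\n"
        "    return otherlib.escape(data)\n"
    ),
    "app/util.py": (
        "from otherlib import escape as esc\n"
        "\n"
        "def clean(s):\n"
        "    return esc(s)\n"
    ),
}


class _CallCollector(ast.NodeVisitor):
    """Collect (package, symbol) pairs that a module actually calls.
    Handles `import pkg [as p]` + `p.sym(...)` and
    `from pkg import sym [as s]` + `s(...)`. Deeper attribute chains
    (`pkg.sub.sym(...)`) and dynamic dispatch are deliberately out of scope."""

    def __init__(self):
        self.module_alias = {}   # local name -> top-level package
        self.symbol_alias = {}   # local name -> (package, symbol)
        self.called = set()      # (package, symbol)

    def visit_Import(self, node):
        for alias in node.names:
            top = alias.name.split(".")[0]
            self.module_alias[alias.asname or top] = top

    def visit_ImportFrom(self, node):
        if node.module:
            pkg = node.module.split(".")[0]
            for alias in node.names:
                self.symbol_alias[alias.asname or alias.name] = (pkg, alias.name)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Name) and func.id in self.symbol_alias:
            self.called.add(self.symbol_alias[func.id])
        elif isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            if func.value.id in self.module_alias:
                self.called.add((self.module_alias[func.value.id], func.attr))
        self.generic_visit(node)  # calls nested in arguments still count


def triage(findings, sources):
    """Map finding id -> True if its vulnerable symbol is called anywhere
    in the given sources, False if it is installed but never reached."""
    called = set()
    for path, src in sources.items():
        collector = _CallCollector()
        collector.visit(ast.parse(src, filename=path))
        called |= collector.called
    return {f["id"]: (f["package"], f["symbol"]) in called for f in findings}


if __name__ == "__main__":
    for fid, applicable in triage(FINDINGS, PROJECT_SOURCES).items():
        print(fid, "applicable" if applicable else "not reachable")
```

Even this small version shows the shape of the result: the same three findings reduce to two that need attention, and the alias case in `app/util.py` is the kind of path a naive text search for the symbol name would miss or mis-attribute.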

Python Package Index (PyPi)

Python wheel-jacking in supply chain attacks

Recently, a novel supply chain attack was published by security researcher Alex Birsan, detailing how dependency confusion (or "namesquatting") in package managers can be misused in order to execute malicious code on production and development systems. Background – dependency confusion & Birsan's attack In short, most package managers such as pip and npm do not …
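The mechanism behind dependency confusion is pip's index handling: when both `--index-url` and `--extra-index-url` are configured, candidates from every index are pooled and the highest matching version wins, with no preference for the private index. The Python below is an added model of that behaviour, written for this page rather than taken from the post or from pip itself; the index contents and package names are constructed, and the version parser is a deliberately minimal dotted-integer one (real resolvers implement PEP 440).

```python
def parse_version(v):
    """Minimal dotted-integer version key, enough for this demonstration."""
    return tuple(int(part) for part in v.split("."))


# Constructed index contents. "acme-internal-utils" is an internal-only name
# that an attacker has also registered on the public index with a huge
# version number; "requests" stands in for an ordinary public package.
PRIVATE_INDEX = {"acme-internal-utils": ["1.3.0", "1.4.0"]}
PUBLIC_INDEX = {"acme-internal-utils": ["99.0.0"], "requests": ["2.31.0"]}


def resolve_extra_index(name, private, public):
    """Models `pip install --index-url PRIVATE --extra-index-url PUBLIC`:
    candidates from all indexes are pooled and the highest version is
    chosen, regardless of which index serves it. Returns (version, origin)."""
    pool = [(parse_version(v), v, "private") for v in private.get(name, [])]
    pool += [(parse_version(v), v, "public") for v in public.get(name, [])]
    if not pool:
        return None
    _, version, origin = max(pool)  # highest version wins
    return version, origin


def resolve_private_only(name, private):
    """Models `pip install --index-url PRIVATE` with no extra index, where
    the private index is a proxy that also serves vetted public names:
    the public index is never consulted directly."""
    versions = private.get(name, [])
    if not versions:
        return None
    return max(versions, key=parse_version), "private"


def confusable_names(private, public):
    """Internal names that also exist on the public index; each one is
    either already squatted or available for an attacker to register."""
    return sorted(set(private) & set(public))


if __name__ == "__main__":
    print(resolve_extra_index("acme-internal-utils", PRIVATE_INDEX, PUBLIC_INDEX))
    print(resolve_private_only("acme-internal-utils", PRIVATE_INDEX))
    print(confusable_names(PRIVATE_INDEX, PUBLIC_INDEX))
```

Two practical notes follow from the model: pinning `==1.4.0` alone does not close the hole, since an attacker can publish that exact version publicly too, so the fixes are a single trusted index (a proxy that serves both internal and public names) or hash-pinned requirements; and `confusable_names` is the check worth running against your own private index, because registering your internal names publicly yourself, or having the proxy block them, removes the attacker's opening.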