How a Security Team use Policy as Code for Open Source Security
Table of Contents
SBOM is being mandated in certain regulated industries, especially for tracking open source dependencies. However the usefulness of SBOM, which is basically an inventory, is the tooling and use-cases around it. Conventional SCA tools are notorious for false positives and noise. Ability to prevent insecure or risky open source components proactively is required to maintain a healthy and trustworthy open source software supply chain. In this talk, we look at how to use vet for establishing security guardrails against risky OSS components. We also look at a case study of how a security team leverage vet's policy as code feature for enforcing opinionated security policies.
- vet
- sbom
- sql
- cloud
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
Malicious hermes-px on PyPI Steals AI Conversations
hermes-px on PyPI steals AI conversations via triple-encrypted exfiltration to Supabase, routing through a hijacked university endpoint while injecting a stolen 245KB system prompt.
Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2
A coordinated campaign of thirty-six malicious npm packages published by four sock-puppet accounts (umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1) targets Strapi CMS deployments with eight...
prt-scan: A 5-Phase GitHub Actions Credential Theft Campaign
A throwaway GitHub account submitted 219+ malicious pull requests in a single day, each carrying a 352-line payload that steals CI secrets, injects workflows, bypasses label gates, and scans /proc...
Compromised npm Package mgc Deploys Multi-Platform RAT
The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.
Ship Code.
Not Malware.
Start free with open source tools on your machine. Scale to a unified platform for your organization.
