Luke Hinds (@decodebytes)'s Twitter Profile
Luke Hinds

@decodebytes

No longer active here; find me on: bsky.app/profile/lukehi…

ID: 1362107565841211397

17-02-2021 18:32:28

2.2K Tweets

3.3K Followers

732 Following

Stacklok (@stacklokhq)

Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized npm packages silently collected and exfiltrated users' cryptocurrency wallet secrets upon installation. Read Poppaea's analysis of this attack here:

Luke Hinds (@decodebytes)

So much malware and other nasties out there, but lucky for us we have the awesome Poppaea tracking it down and giving a rundown post-autopsy like below.

Stacklok (@stacklokhq)

Honored to be a Rising Star ⭐ in Forbes 2024 Cloud ☁️ 100. This list is impressive, and we’re excited to be part of the cloud’s future. 🎉 Grateful for the recognition Bessemer Forbes Salesforce Ventures The Cloud 100 bit.ly/4fsf2tv #Cloud100 #RisingStar

sigstore (@projectsigstore)

TSC Member Bob Callaway and community chair Hayden from the Google OS Sec Team chatted with puerco on the Stacklok hosted 🌮 Securi-Taco Tuesdays 📺 show. Lots on sigstore & software supply chain security. Catch it here: youtube.com/watch?v=JwfTCe…

Luke Hinds (@decodebytes)

Another nasty one picked up by trustypkg. This one was quite interesting, as it had a Go binary baked in. One interesting obs, some well established (will remain nameless) infosec vendor DBs were showing this with 90+ scores for 'software supply chain' 🫣 stacklok.com/blog/cross-pla…

sigstore (@projectsigstore)

The CFP deadline for SigstoreCon has been extended to Wednesday, September 18, 2024 at 11:59 pm Mountain Daylight Time (UTC-6). events.linuxfoundation.org/sigstorecon-su…

Stacklok (@stacklokhq)

In London? Our CTO Luke Hinds will be keynoting DevSecOps London Gathering tonight with a talk on "Secure Repo Management as Scale, with Minder" at Google's (Central Saint Giles) London Office. Sign up here👇 meetup.com/devsecops-lond…

Luke Hinds (@decodebytes)

Bandit is now more capable of scanning AI models. v1.7.10 flags insecure use of torch.load where untrusted data can lead to arbitrary code execution, and improper use of torch.save might expose sensitive data or lead to data corruption: github.com/PyCQA/bandit/r…

OpenSSF (@openssf)

🎉 Welcome to the OpenSSF family, Minder! 📣 Stacklok is contributing Minder to OpenSSF as a sandbox project! Minder streamlines #OSSSecurity, auto-remediates issues, and flags key risks for devs & security teams. 🔍 Learn more about Minder: openssf.org/guest-blog/202…

Luke Hinds (@decodebytes)

At Stacklok we released codegate today, an open-source, privacy-focused local proxy that acts as an essential layer of security within a developer's generative AI workflow. Support is available for copilot and Continue with others on the way github.com/stacklok/codeg…

Continue (@continuedev)

🔒Today Stacklok introduced CodeGate —local, open source privacy controls that work with your AI code assistant. You deploy a single container locally that encrypts secrets before they find their way into your prompts and alerts you when dangerous dependencies are suggested

The New Stack (@thenewstack)

Artificial intelligence is redefining industries at a staggering pace, and the field of cybersecurity is no exception. Luke Hinds @stacklokhq