Shanie Weissman @ Work (@shaniewss) 's Twitter Profile
Shanie Weissman @ Work

@shaniewss

PLG Marketing @mend_io. Mostly listening in and sharing news about #free #developertools like @renovatebot. This is my work account.

ID: 1354003230112575488

26-01-2021 09:48:33

81 Tweets

48 Followers

422 Following

Shanie Weissman @ Work (@shaniewss) 's Twitter Profile Photo

Security research can be confusing to the open source user community. This blog post has some best practices for safely #PenTesting without raising unnecessary alarms. #malware #npm

Mend.io (@mend_io) 's Twitter Profile Photo

With "Entitlements," access to historical NVD advisories and enhanced secret scanning with redirect.pizza, developers can improve workflows, ensure security and focus on coding. Guy Bar-Gil explores GitHub's new features in our latest blog: go.mend.io/3xXiwR1

Sean Trantalis (@strantalis) 's Twitter Profile Photo

Check out this post Artem and I wrote how we took advantage of Renovate Bot to help us manage patching our ArgoCD Applications. #gitops #argocd #renovatebot Virtru virtru.com/blog/automate-…

Mend.io (@mend_io) 's Twitter Profile Photo

🚨Mend Supply Chain Defender blocked a massive dependency confusion attack by a single author who uploaded 168 packages to npm. Discover what happened, the list of malicious packages, and how to protect your organization from such attacks. go.mend.io/39JuXGx

Mend.io (@mend_io) 's Twitter Profile Photo

Take a look at this Renovate Bot tutorial for insights on how to leverage the tool to reduce risk by automating dependency updates in software projects. go.mend.io/3tEFZUa #opensource Towards Dev

kcd_berlin (@kcd_berlin) 's Twitter Profile Photo

Welcoming Léon Dawert and Christian Hörl, Kubernetes Solution Architects from SysEleven, to KCD Berlin! They will demonstrate automating dependencies using Renovate Bot. Join them next week in Berlin! 🌞 🎟️: eventbrite.de/e/kubernetes-c…

Maciej Mensfeld (@maciejmensfeld) 's Twitter Profile Photo

💥 As we speak, someone is uploading malicious crypto-mining packages to npm every 5 minutes. It seems the attacker aims at systems that automatically install/mirror packages and elevates that to mine Monero. Over 220 packages uploaded so far. #javascript #SupplyChain 🦠

Maciej Mensfeld (@maciejmensfeld) 's Twitter Profile Photo

Ok, at the moment npm is being flooded with hundreds of packages containing cryptocurrency mining software... All of them are being reported by us at Mend.io to npm #javascript #opensource #npmjs

Maciej Mensfeld (@maciejmensfeld) 's Twitter Profile Photo

SweetAlerts2 a popular #javascript popup boxes lib is now displaying a new call-for-peace message randomly to Russian users visiting Russian websites: my.diffend.io/npm/sweetalert… This changed message may be unexpected to at least part of the users/websites using it.

Stéphane Goetz (@onigoetz) 's Twitter Profile Photo

How Swissquote is keeping software dependencies up-to-date with Renovate | by Stéphane Goetz | Swissquote Tech Blog medium.com/swissquote-eng…

Maciej Mensfeld (@maciejmensfeld) 's Twitter Profile Photo

☠️💥🦠 Watch out for the fake Nasdaq Private Market Intuit Mailchimp marketing package. This one is a brandjacking of the official one with a tracking code inside: my.diffend.io/npm/mailchimp-… Found thanks to Mend.io Supply Chain Defender. #supplychain #opensource #javascript #security #DevSecOps

Shanie Weissman @ Work (@shaniewss) 's Twitter Profile Photo

Everything you need to know about #software #dependencies and how to manage them, in this post I wrote with Guy Bar-Gil on the Mend.io Free #DeveloperTools blog. Renovate Bot mend.io/free-developer…

Mend.io (@mend_io) 's Twitter Profile Photo

There are many ways to manage dependencies, but one of Harsha Vardhan’s of In Plain English’s favorite ways is with Renovate Bot. Get the lowdown on how to utilize Renovate presets to manage #npm projects in this blog from JavaScript in Plain English: go.mend.io/3RkJ5ar

アルミ (@schrotthaufen) 's Twitter Profile Photo

It’s been almost two years since we decided to give Renovate Bot a shot at keeping our Ansible, and docker things updated. Today it created its 1000th pull request🥳 Thanks for making my life _a lot_ easier.

PnL (@pnl63962200) 's Twitter Profile Photo

Job interview at a cybersecurity company: "And what are your weaknesses?" "There's CVE-2019-6644, and there are probably more that I don't know about."