Since December 17, 2020, when federal agencies and enterprises alike learned of the malicious software attack on SolarWinds’ Orion platform, some have been asking, “How do I avoid becoming the next SolarWinds?”
Exemplary development teams already lead the way, focusing on how software supply chain hygiene, governance, and security can minimize the risk from an attack in the style of the one on SolarWinds. Our 2020 State of the Software Supply Chain Report highlights software development trends for open source and third-party components and what exemplary teams are doing to minimize the risk from a software supply chain attack similar to what we saw at SolarWinds.
SolarWinds isn’t the first company to experience a software supply chain attack focused on the build process. In our sixth annual State of the Software Supply Chain Report, we've documented a 430% increase in software supply chain related attacks. For instance, in May 2020, Octopus Scanner was discovered by GitHub as having IDEs injecting malicious code as part of the build process. Similarly, Gitpaste-12 leveraged trustworthy sites like GitHub and Pastebin to host itself and maliciously infect users.
The average Java development organization relies on over 3,500 open source projects, including 14,000 unique component releases. The average JavaScript developer downloads 90,000 npm packages annually. Documenting where these projects are sourced is key to understanding who can nefariously access and alter elements of the build process.
The State of the Software Supply Chain Report has shown how high performing software development teams have improved security outcomes. In addition to mapping their software supply chains, these teams maintain automated checks on the quality of software components and packages moving through them, and update the components to the latest releases on a regular basis. As a result, these teams update their code more often and generally stay more secure.
The Advanced Development Pack allows developers to engage in proactive dependency management practices without losing the momentum of agile software development. The Advanced Development Pack makes developers’ lives easier by allowing them to:
Save time by knowing which components to avoid from the start of a project, whether because a component doesn’t fit policy or because it is associated with abnormal commit behavior.