Source: thenewstack.io
Preflight Defends Against Supply Chain Attacks with Single Line of CodeCategory: Data, github
Spectral, a cybersecurity company that prides itself on being “developer first,” has released Preflight, an open source tool to help prevent a chain of supply attacks. The breach wasn’t noticed until a security-conscious user checked the Secure Hash Algorithm 1 (SHA-1) checksum for the Github version of the tool, comparing it with the one they downloaded from Codecov, and noticing that the two were different.
Preflight, he said, was created to step in and handle this part of the process, ensuring that this type of hack would not be possible moving forward.
In addition, Preflight works with antimalware sites to ensure that, even if it is the correct application, it does not contain malware.
And after you compile it, put it in any of your Artifactory or your binary storage, so you can be sure that the chain of trust is not broken.
Preflight, he said, was created to step in and handle this part of the process, ensuring that this type of hack would not be possible moving forward.
In addition, Preflight works with antimalware sites to ensure that, even if it is the correct application, it does not contain malware.
And after you compile it, put it in any of your Artifactory or your binary storage, so you can be sure that the chain of trust is not broken.
Related Articles
Community Partners
DevOps Careers