4 matches found
EUVD-2023-1450
Malicious code in bioql PyPI...
CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance
CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...
CVE-2023-30551
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory OOM conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of...
GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition GUAC aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...