Enguerrand Allamel
enguerrand.dev
Staff Cloud Security Engineer @Ledger
Reposted by Enguerrand Allamel
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages

securitylabs.datadoghq.com/articles/int... by @ikretz.bsky.social

New open-source tool designed to transparently block known malicious PyPI and npm packages.

github.com/DataDog/supp...
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs
Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages
securitylabs.datadoghq.com
December 6, 2024 at 12:33 PM
Reposted by Enguerrand Allamel
"Census III of Free and #OpenSource Software: Application Libraries leans on more than 12M data points from security tools such as Black Duck, FOSSA, Snyk, and Sonatype, which have been deployed at more than 10k companies" techcrunch.com/2024/12/04/l...
Linux Foundation report highlights the true state of open source libraries in production apps | TechCrunch
A new report from the Linux Foundation highlights the true state of open source libraries in production apps.
techcrunch.com
December 6, 2024 at 4:29 PM
Reposted by Enguerrand Allamel
FYI #kubecon #cloudnativecon Final Europe 2025 CNCF-hosted Co-located Event CFP Count: 1,514! 📷 (38% increase from EU 24) - largest number of submissions we've received for co-los ever! events.linuxfoundation.org/kubecon-clou...
KubeCon + CloudNativeCon Europe | LF Events
The Cloud Native Computing Foundation’s flagship conference gathers adopters and technologists from leading open source and cloud native communities.
events.linuxfoundation.org
December 5, 2024 at 4:20 PM
Reposted by Enguerrand Allamel
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.

Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM