3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
Choose Your Type
Choose Your Topic
Our Latest Content
A Weaponized npm Package ‘@core-pas/cyb-core’ Proclaimed Pentesting Related
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
Introducing Mend Supply Chain Defender Integration with JFrog Artifactory
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
What is the NIST Supply Chain Risk Management Program?
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
5 Vulnerability Assessment Scanning Tools: 5 Solutions Compared
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Automated Software Supply Chain Attacks: Should You be Worried?
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
Bad Actors Are Targeting npms: How to Protect Your Supply Chain
Learn how the most popular JavaScript package manager, npm, is being used by malicious actors to launch attacks, run botnets and steal credentials and cryptocurrency. Attend this webinar to: Gain insight into the 1,300 malicious npm packages found by WhiteSource Diffend Learn how threat actors are using npms to launch attacks—and how to stop them...
Best Practices For Managing Ruby Supply Chain Security Risks
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
A Guide To Implementing Software Supply Chain Risk Management
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
SCA Your First Step Toward Supply Chain Security
Over the past year, breaches like SolarWinds and Kaseya have made it impossible to ignore the threat of software supply chain attacks. Whether it’s infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories or targeting existing vulnerabilities in open source components, attackers are exploiting blind spots in supply chain controls to compromise...