Mend.io Resource Center

Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.

Our Latest Content

Operationalizing DevSecOps

DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps...

SBOMs: A Roadmap for a Secure Software Journey

Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...

Strange Bedfellows: Software, Security and the Law

An unlikely alliance is being forged between CISOs, software leaders and legal experts due to the ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape. Join Sam Quackenbush, Sr. Director of Field Innovation & Strategy – Mend.io for this live panel roundtable to discuss some of the top cyberlaw and...

How Supply Chain Attacks Work – and How to Stop Them

Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Mend.io research discovered a threat actor takeover of the name 'gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.