Mend.io Resource Center

Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.

Our Latest Content

Malicious Packages Special Report – Attacks Move Beyond Vulnerabilities

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code...

The Importance of Adopting Modern AppSec Practices

Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security. Mend.io CEO Rami...

How Supply Chain Attacks Work – and How to Stop Them

Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Mend.io research discovered a threat actor takeover of the name 'gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.

Mend.io Achieves AWS Security Competency Status

Mend.io has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Mend.io has demonstrated proven technology and deep expertise to help customers achieve cloud security goals and reinforces Mend.io’s position as a trusted member of the AWS Partner Network (APN).