Software Supply Chain Security: From SBOM to SLSA
A practical guide to securing your software supply chain, covering SBOM generation, SLSA provenance, dependency management, CI/CD pipeline hardening, and regulatory requirements including the EU Cyber Resilience Act.
xz Utils Backdoor: The Most Sophisticated Supply Chain Attack Since SolarWinds
In March 2024, a Microsoft engineer investigating an unexplained slowdown in sshd logins stumbled on a backdoor in the liblzma library shipped with xz Utils 5.6.0 and 5.6.1. It had been planted by a contributor who had spent more than two years earning commit and release rights on the project. Because the tainted releases had only reached testing and rolling-release distributions, it was a near miss: a few more weeks and it could have reached millions of Linux servers.
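A triage script for the incident above, added here as an example and not part of the original page. It relies on one published fact, that only xz/liblzma 5.6.0 and 5.6.1 carried the backdoor (CVE-2024-3094), and on the common mitigation check that sshd only had a path into the payload when it was linked against liblzma (usually indirectly, via libsystemd). The sample `xz --version` outputs are constructed for the demonstration; the live checks run only if `xz`, `sshd` and `ldd` exist on the host.

```shell
#!/bin/sh
# Added example: triage helper for the xz Utils backdoor (CVE-2024-3094).
# Assumes the published fact that only liblzma 5.6.0 and 5.6.1 were
# backdoored; everything else here is ordinary version parsing.

# Print the liblzma version found in `xz --version` output.
# Real output looks like:
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
liblzma_version() {
    printf '%s\n' "$1" | awk '/^liblzma/ { print $2; exit }'
}

# Return 0 (true) if the version string is one of the two backdoored
# releases, 1 otherwise.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Classify a full `xz --version` output. Prints "affected",
# "not-affected" or "unknown"; returns 0 only when affected.
classify_xz_output() {
    ver=$(liblzma_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 2
    fi
    if xz_version_affected "$ver"; then
        echo "affected"
        return 0
    fi
    echo "not-affected"
    return 1
}

# Return 0 if the local sshd links liblzma (directly or via libsystemd).
# A vulnerable liblzma on a host whose sshd does not link it still needs
# upgrading, but the ssh pre-auth code path was not exposed.
sshd_links_liblzma() {
    sshd_bin=$(command -v sshd 2>/dev/null) || return 1
    command -v ldd >/dev/null 2>&1 || return 1
    ldd "$sshd_bin" 2>/dev/null | grep -q 'liblzma'
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

# Live checks against the current host; each branch is guarded so the
# script never exits non-zero just because a tool is missing.
main() {
    if command -v xz >/dev/null 2>&1; then
        out=$(xz --version 2>/dev/null)
        printf 'local xz: %s\n' "$(classify_xz_output "$out")"
    else
        echo "local xz: not installed"
    fi
    if sshd_links_liblzma; then
        echo "sshd: links liblzma, so the version above matters for pre-auth exposure"
    else
        echo "sshd: does not link liblzma, or sshd/ldd not found"
    fi
    printf 'sample 5.6.1: %s\n' "$(classify_xz_output "$SAMPLE_BAD")"
    printf 'sample 5.4.6: %s\n' "$(classify_xz_output "$SAMPLE_OK")"
}

main
```

Run it as `sh xz-triage.sh` on each host. A version match alone is the upgrade trigger; the `ldd` check only tells you whether sshd on that host exposed the backdoor's remote code path.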
Snyk
Developer security platform enabling teams to find, prioritize, and fix vulnerabilities in code, dependencies, containers, and infrastructure as code.
Aqua Security
Cloud-native security platform providing container security, Kubernetes protection, and supply chain security. Creator of Trivy, a widely used open source scanner for vulnerabilities, misconfigurations and SBOM generation.
Sysdig
Cloud and container security platform built on Falco, the CNCF open source runtime security project. Specializes in Kubernetes security, container protection, and cloud detection and response.