InfoSec - Supply chain attacks

Example and defenses

https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/

• xzutils example
• other attempts
• ways to defend your project

Package repository security

https://repos.openssf.org/principles-for-package-repository-security.html

Tools

https://guac.sh/why-guac/