⚠️ If you haven't already heard, axios, the JavaScript HTTP client with more than 300 million monthly downloads on npm, was compromised yesterday. Malicious versions were published via a compromised maintainer account. ⚠️

Chainguard Containers and Libraries customers are safe.

Here’s what to do if you were affected:

* Audit your installed versions
* Downgrade to secure versions
* Treat affected systems as compromised
* Rotate your credentials

This attack continues the software supply chain security theme of the month: your company’s security is only as strong as your weakest open source dependency.

Full details and breakdown on the blog: https://lnkd.in/evdZkn2X
As this rolling wave of supply chain attacks continues to hit, join me, Dan Lorenc, and Reid Tatoris on Thursday at 1:30pm ET for a live webinar: https://chainguard.registration.goldcast.io/webinar/b594cd1a-7ce0-469e-9a79-2652b6187a42
Public Sector Partners: Chainguard Containers and Libraries customers are safe. Not sure what else we need to say here. Read the blog, attend the webinar, reach out to learn more.