Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024 at 08:12AM

Developers often rely on open-source components, which account for the majority of modern software. However, vulnerabilities often stem from these components. GitGuardian’s Software Composition Analysis (SCA) enables developers to scan for CVEs before committing code, ensuring early detection and prevention of known vulnerabilities. GitGuardian SCA is available for a 2-week …

AI Hallucinated Packages Fool Unsuspecting Developers

April 1, 2024 at 11:42AM

A report by Lasso Security warns that AI chatbots are leading software developers to use nonexistent packages, which threat actors could potentially exploit. Bar Lanyado demonstrated the susceptibility of large language model (LLM) chatbots to spreading and recommending hallucinated packages. The research emphasizes the importance of cross-verifying uncertain LLM answers and exercising caution when integrating …