Open-source components forever changed how we build software, but they are also a prominent security threat, nothing illustrated this better than the recent XZ library incident where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure as we discuss: Security implications of vulnerable open-source components How using automation can help us move toward a secure supply chain How to discover and detect vulnerable components.

Speed up your remediation workflow with GitGuardian's new Advanced Jira Cloud integration: Users have already been able to manually open Jira tickets from the incident view in the dashboard. Now, you can configure GitGuardian to create a new Jira ticket to track any needed development efforts. You can also configure the Jira tickets to resolve an incident in GitGuardian when a specific status is reached. It will mark the associated incident as Resolved so you can stay focused on other work.

In this video, we explore AI package Hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. In this video, we explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of Typo Squatting.

Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.