boostsecurityio

@francoisproulx shares some his knowledge on build-time threats affecting the software supply chain boostsecurity.io/blog/slsa-dip-…

Published first article in a series on #supplychain security. Detailing attacks derived from #slsa threats. We're sharing the attack trees Deciduous definition on GitHub. Looking forward to community contributions! medium.com/boostsecurity/…