
Proposed additions to supply chain security compromises list

Open kurtseifried opened this issue 3 years ago • 1 comments

for https://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/README.md

pypi ctx: https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk

left-pad: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/

kurtseifried, Jul 19 '22 01:07

Thank you for opening this issue!!

@kurtseifried: Would you mind opening a PR to add these to the list? Apologies if you already did and I missed it.

PushkarJ, Jul 29 '22 22:07

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot], Oct 01 '22 05:10

@kurtseifried any chance you have a moment to raise a PR or two here? No problem if not :pray:

sublimino, Oct 10 '22 12:10

This seems to be publishing infrastructure, similar to SolarWinds, does that sound about right?

Comm100: https://www.securityweek.com/supply-chain-attack-targets-customer-engagement-firm-comm100?utm_medium=email&utm_source=Eloqua&ref=GBSNewsletterEmail

Caze121, Oct 12 '22 13:10

Ctx is also mentioned in #914

szh, Oct 31 '22 19:10

It doesn't seem like @kurtseifried is seeing your response.

tahirraza, Nov 03 '22 21:11

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot], Jan 07 '23 14:01

Please file these as a PR if missing from the catalog.

anvega, Jun 21 '23 01:06