Topic

#slsa-provenance

1 article exploring slsa-provenance. Expert insights and analysis from our editorial team.

Showing 1–1 of 1 articles
Related topics:
supply-chain npm oidc ci-cd github-actions tanstack

Articles

Newest first
Security

Mini Shai-Hulud Ships the First Malicious npm With Valid SLSA Provenance

TeamPCP compromised TanStack's CI to publish 84 malicious npm packages with valid SLSA Build Level 3 provenance, proving that cryptographic attestation cannot protect a.
Browse All Topics