Comment by chasd00
4 days ago
I think so. It’s that third step that I can’t figure out. Build systems are configured to pull the latest version of a dep automatically, without review, and then publish. It seems the poorly configured pipelines are what enable these attacks. Fix your pipelines.