Security Vulnerabilities
open-source dependency management Every Linux developer who works with Go has run the same workflow a thousand times. You find a library that solves your problem, you see a decent star count on GitHub, and you run go get. It is frictionless and efficient. Lately, however, it is becoming one of the most effective ways for an attacker to get code running on your build servers. The recent "Operation Muck and Load" campaign is a perfect example of why this workflow is risky. Researchers uncovered over 200 GitHub repositories...
5 - 9 min read
Security Vulnerabilities