https://www.dedico.hu/en/tags/supply-chain/ Recent content in Supply-Chain on Dedico Hugo -- 0.137.1 en Tue, 31 Mar 2026 00:00:00 +0000 https://www.dedico.hu/en/posts/axios-npm-supply-chain-attack-cicd-defense/ Tue, 31 Mar 2026 00:00:00 +0000 https://www.dedico.hu/en/posts/axios-npm-supply-chain-attack-cicd-defense/ Axios was compromised on NPM with a RAT dropper. I scrambled to audit our CI/CD pipelines and lock down dependency installation. Here is what I did and what you should do right now. https://www.dedico.hu/en/posts/github-actions-supply-chain-attacks/ Wed, 25 Mar 2026 00:00:00 +0000 https://www.dedico.hu/en/posts/github-actions-supply-chain-attacks/ How SHA pinning alone won't save your CI/CD pipelines from supply chain attacks, and what I changed after the Trivy incident. https://www.dedico.hu/en/posts/cosign-slsa-image-verification-kubernetes/ Mon, 23 Mar 2026 00:00:00 +0000 https://www.dedico.hu/en/posts/cosign-slsa-image-verification-kubernetes/ How I set up cosign signature verification and SLSA provenance checks in production Kubernetes, the gotchas I hit, and why it was worth the pain.