|
|
|
|
|
|
by chasd00
202 days ago
|
|
|
I think so. It’s that third step that I can’t figure out. Build systems are configured to pull the latest version of a dep automatically, without review, and then publish. It seems the poorly configured pipelines are what enable these attacks. Fix your pipelines |
|
|