Hacker News new | ask | show | jobs
by ting0 82 days ago
And easily bypassed by an attacker who knows about your static analysis tool who can iterate on their exploit until it no longer gets flagged.
1 comments
fernandotakai 82 days ago
the main things are:

1. pin dependencies with sha signatures 2. mirror your dependencies 3. only update when truly necessary 4. at first, run everything in a sandbox.

link