InfoQ

LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning

LinkedIn has rebuilt its static application security testing (SAST) pipeline using GitHub Actions and custom workflows, ...
CSO Online

Shai-Hulud & Co.: The software supply chain as Achilles’ heel

The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.