How to Ensure Open-Source Packages Are Not Mines

CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring in malicious software components into code.

https://www.darkreading.com/application-security/untitled