
OWASP CI/CD Part 3: Dependency Chain Abuse
As more teams rely on public repositories in their software supply chain, the dependency chain has become both a critical foundation and a potential blind spot. Dependency chain abuse is not new, but a growing list of attack vectors, such as typosquatting, dependency confusion, and now slopsquatting, means security leaders need to respond quickly as attackers adopt new techniques.
Let’s take a look at how dependency chain abuse works, why it’s growing more dangerous in the age of GenAI, and what