Cloudsmith Blog

Latest

May 7 2025
3 min read

OWASP CI/CD Part 3: Dependency Chain Abuse

As more teams rely on public repositories in their software supply chain, the dependency chain has become both a critical foundation and a potential blind spot. Dependency chain abuse is not new, but a growing list of attack vectors - like typosquatting, dependency confusion, and now slopsquatting - means security leaders need to respond quickly as attackers adopt new techniques. Let’s take a look at how dependency chain abuse works, why it’s growing more dangerous in the age of GenAI, and what
Nigel Douglas
