checkmarx.com
141.193.213.20  Public Scan

Submitted URL: https://info.checkmarx.com/e3t/Ctc/2D+113/bY6S04/VWWQZt76CPZrW5Bkf2927ytfYW5q0Twr4Hy7Q6N4xH9cr5f6kmV3Zsc37CgL2DW8T2X1273d8c...
Effective URL: https://checkmarx.com/blog/the-open-source-supply-chain-under-assault-new-defenses-are-required/?utm_search_query=Blog...
Submission: On April 06 via api from SE — Scanned from DE

Form analysis 4 forms found in the DOM

GET https://checkmarx.com/

<form action="https://checkmarx.com/" method="get" class="gm-search-wrapper-form">
  <div class="gm-form-group">
    <input placeholder="Search..." type="text" name="s" class="gm-search__input">
    <button type="submit" class="gm-search-btn">
      <i class="fa fa-search"></i>
    </button>
  </div>
</form>

POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/146169/2101c475-809f-4105-8eab-7dbdeb6b03d7

<form novalidate="" accept-charset="UTF-8" action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/146169/2101c475-809f-4105-8eab-7dbdeb6b03d7" enctype="multipart/form-data" id="hsForm_2101c475-809f-4105-8eab-7dbdeb6b03d7"
  method="POST" class="hs-form stacked hs-form-private hsForm_2101c475-809f-4105-8eab-7dbdeb6b03d7 hs-form-2101c475-809f-4105-8eab-7dbdeb6b03d7 hs-form-2101c475-809f-4105-8eab-7dbdeb6b03d7_ed875f89-3f3a-4eeb-8363-b427793ccd56"
  data-form-id="2101c475-809f-4105-8eab-7dbdeb6b03d7" data-portal-id="146169" target="target_iframe_2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0">
  <div data-reactid=".hbspt-forms-0.1:$0">
    <div class="hs-richtext hs-main-font-element" data-reactid=".hbspt-forms-0.1:$0.0">
      <p><span style="color: #242424;">Never miss an update. Subscribe today!</span></p>
    </div>
  </div>
  <div class="hs_email hs-email hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-0.1:$1"><label id="label-email-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your Email"
      for="email-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$1.0"><span data-reactid=".hbspt-forms-0.1:$1.0.0">Email</span><span class="hs-form-required" data-reactid=".hbspt-forms-0.1:$1.0.1">*</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$1.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$1.$email"><input id="email-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-input" type="email" name="email" required="" placeholder="Email" value="" autocomplete="email"
        data-reactid=".hbspt-forms-0.1:$1.$email.0" inputmode="email"></div>
  </div>
  <div class="hs_lifecyclestage hs-lifecyclestage hs-fieldtype-radio field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$2"><label id="label-lifecyclestage-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your Lifecycle Stage" for="lifecyclestage-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$2.0"><span data-reactid=".hbspt-forms-0.1:$2.0.0">Lifecycle Stage</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$2.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$2.$lifecyclestage"><input name="lifecyclestage" class="hs-input" type="hidden" value="subscriber" data-reactid=".hbspt-forms-0.1:$2.$lifecyclestage.0"></div>
  </div>
  <div class="hs_utm_search_query hs-utm_search_query hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$3"><label id="label-utm_search_query-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your Marketing Asset" for="utm_search_query-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$3.0"><span data-reactid=".hbspt-forms-0.1:$3.0.0">Marketing Asset</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$3.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$3.$utm_search_query"><input name="utm_search_query" class="hs-input" type="hidden" value="Blog-Open-source-supply" data-reactid=".hbspt-forms-0.1:$3.$utm_search_query.0"></div>
  </div>
  <div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$4"><label id="label-utm_campaign-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Campaign" for="utm_campaign-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$4.0"><span data-reactid=".hbspt-forms-0.1:$4.0.0">UTM Campaign</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$4.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$4.$utm_campaign"><input name="utm_campaign" class="hs-input" type="hidden" value="MAD" data-reactid=".hbspt-forms-0.1:$4.$utm_campaign.0"></div>
  </div>
  <div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$5"><label id="label-utm_content-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Content" for="utm_content-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$5.0"><span data-reactid=".hbspt-forms-0.1:$5.0.0">UTM Content</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$5.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$5.$utm_content"><input name="utm_content" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-0.1:$5.$utm_content.0"></div>
  </div>
  <div class="hs_utm_keyword hs-utm_keyword hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$6"><label id="label-utm_keyword-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Keyword" for="utm_keyword-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$6.0"><span data-reactid=".hbspt-forms-0.1:$6.0.0">UTM Keyword</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$6.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$6.$utm_keyword"><input name="utm_keyword" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-0.1:$6.$utm_keyword.0"></div>
  </div>
  <div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$7"><label id="label-utm_medium-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your UTM Medium"
      for="utm_medium-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$7.0"><span data-reactid=".hbspt-forms-0.1:$7.0.0">UTM Medium</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$7.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$7.$utm_medium"><input name="utm_medium" class="hs-input" type="hidden" value="newsletter" data-reactid=".hbspt-forms-0.1:$7.$utm_medium.0"></div>
  </div>
  <div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$8"><label id="label-utm_source-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your UTM Source"
      for="utm_source-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$8.0"><span data-reactid=".hbspt-forms-0.1:$8.0.0">UTM Source</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$8.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$8.$utm_source"><input name="utm_source" class="hs-input" type="hidden" value="Email" data-reactid=".hbspt-forms-0.1:$8.$utm_source.0"></div>
  </div>
  <div class="hs_gclid hs-gclid hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$9"><label id="label-gclid-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your GCLID"
      for="gclid-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$9.0"><span data-reactid=".hbspt-forms-0.1:$9.0.0">GCLID</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$9.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$9.$gclid"><input name="gclid" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-0.1:$9.$gclid.0"></div>
  </div>
  <div class="hs_all_utms hs-all_utms hs-fieldtype-textarea field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$10"><label id="label-all_utms-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your All UTMs"
      for="all_utms-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-0.1:$10.0"><span data-reactid=".hbspt-forms-0.1:$10.0.0">All UTMs</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$10.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-0.1:$10.$all_utms"><input name="all_utms" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-0.1:$10.$all_utms.0"></div>
  </div>
  <div class="legal-consent-container" data-reactid=".hbspt-forms-0.2">
    <div class="hs-richtext" data-reactid=".hbspt-forms-0.2.0">
      <p> </p>
    </div>
    <div data-reactid=".hbspt-forms-0.2.1:0">
      <div class="hs-dependent-field" data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794">
        <div class="hs_LEGAL_CONSENT.subscription_type_3984794 hs-LEGAL_CONSENT.subscription_type_3984794 hs-fieldtype-booleancheckbox field hs-form-field"
          data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794">
          <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.1"></legend>
          <div class="input" data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794">
            <ul class="inputs-list" data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0">
              <li class="hs-form-booleancheckbox" data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0"><label
                  for="LEGAL_CONSENT.subscription_type_3984794-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-form-booleancheckbox-display"
                  data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0"><input
                    id="LEGAL_CONSENT.subscription_type_3984794-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_3984794" value="true"
                    data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0.0"><span
                    data-reactid=".hbspt-forms-0.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0.1">
                    <p>I would like to receive communications from Checkmarx and its affiliates regarding software security, Checkmarx products and services. </p>
                  </span></label></li>
            </ul>
          </div>
        </div>
      </div>
      <legend class="hs-field-desc checkbox-desc" style="display:none;" data-reactid=".hbspt-forms-0.2.1:0.1"></legend>
    </div>
    <div class="hs-richtext" data-reactid=".hbspt-forms-0.2.2">
      <p>By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx <a href="https://www.checkmarx.com/privacy-policy/" target="_blank">Privacy Policy</a> and to the processing of my personal data
        as described therein. </p>
    </div>
    <div class="hs-richtext" data-reactid=".hbspt-forms-0.2.3">
      <p>By clicking submit below, you consent to allow Checkmarx to store and process the personal information submitted above to provide you the content requested.</p>
    </div>
  </div>
  <div class="hs_submit hs-submit" data-reactid=".hbspt-forms-0.5">
    <div class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.5.0"></div>
    <div class="actions" data-reactid=".hbspt-forms-0.5.1"><input type="submit" value="SIGN UP" class="hs-button primary large" data-reactid=".hbspt-forms-0.5.1.0"></div>
  </div><noscript data-reactid=".hbspt-forms-0.6"></noscript><input name="hs_context" type="hidden"
    data-reactid=".hbspt-forms-0.7"><iframe name="target_iframe_2101c475-809f-4105-8eab-7dbdeb6b03d7" style="display:none;" data-reactid=".hbspt-forms-0.8" data-gtm-yt-inspected-1_19="true"></iframe>
</form>

POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/146169/2101c475-809f-4105-8eab-7dbdeb6b03d7

<form novalidate="" accept-charset="UTF-8" action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/146169/2101c475-809f-4105-8eab-7dbdeb6b03d7" enctype="multipart/form-data" id="hsForm_2101c475-809f-4105-8eab-7dbdeb6b03d7"
  method="POST" class="hs-form stacked hs-form-private hsForm_2101c475-809f-4105-8eab-7dbdeb6b03d7 hs-form-2101c475-809f-4105-8eab-7dbdeb6b03d7 hs-form-2101c475-809f-4105-8eab-7dbdeb6b03d7_08d879da-4dd4-44ea-8701-74b5cd444939"
  data-form-id="2101c475-809f-4105-8eab-7dbdeb6b03d7" data-portal-id="146169" target="target_iframe_2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1">
  <div data-reactid=".hbspt-forms-1.1:$0">
    <div class="hs-richtext hs-main-font-element" data-reactid=".hbspt-forms-1.1:$0.0">
      <p><span style="color: #242424;">Never miss an update. Subscribe today!</span></p>
    </div>
  </div>
  <div class="hs_email hs-email hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-1.1:$1"><label id="label-email-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your Email"
      for="email-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$1.0"><span data-reactid=".hbspt-forms-1.1:$1.0.0">Email</span><span class="hs-form-required" data-reactid=".hbspt-forms-1.1:$1.0.1">*</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$1.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$1.$email"><input id="email-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-input" type="email" name="email" required="" placeholder="Email" value="" autocomplete="email"
        data-reactid=".hbspt-forms-1.1:$1.$email.0" inputmode="email"></div>
  </div>
  <div class="hs_lifecyclestage hs-lifecyclestage hs-fieldtype-radio field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$2"><label id="label-lifecyclestage-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your Lifecycle Stage" for="lifecyclestage-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$2.0"><span data-reactid=".hbspt-forms-1.1:$2.0.0">Lifecycle Stage</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$2.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$2.$lifecyclestage"><input name="lifecyclestage" class="hs-input" type="hidden" value="subscriber" data-reactid=".hbspt-forms-1.1:$2.$lifecyclestage.0"></div>
  </div>
  <div class="hs_utm_search_query hs-utm_search_query hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$3"><label id="label-utm_search_query-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your Marketing Asset" for="utm_search_query-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$3.0"><span data-reactid=".hbspt-forms-1.1:$3.0.0">Marketing Asset</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$3.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$3.$utm_search_query"><input name="utm_search_query" class="hs-input" type="hidden" value="Blog-Open-source-supply" data-reactid=".hbspt-forms-1.1:$3.$utm_search_query.0"></div>
  </div>
  <div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$4"><label id="label-utm_campaign-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Campaign" for="utm_campaign-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$4.0"><span data-reactid=".hbspt-forms-1.1:$4.0.0">UTM Campaign</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$4.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$4.$utm_campaign"><input name="utm_campaign" class="hs-input" type="hidden" value="MAD" data-reactid=".hbspt-forms-1.1:$4.$utm_campaign.0"></div>
  </div>
  <div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$5"><label id="label-utm_content-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Content" for="utm_content-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$5.0"><span data-reactid=".hbspt-forms-1.1:$5.0.0">UTM Content</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$5.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$5.$utm_content"><input name="utm_content" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-1.1:$5.$utm_content.0"></div>
  </div>
  <div class="hs_utm_keyword hs-utm_keyword hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$6"><label id="label-utm_keyword-2101c475-809f-4105-8eab-7dbdeb6b03d7" class=""
      placeholder="Enter your UTM Keyword" for="utm_keyword-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$6.0"><span data-reactid=".hbspt-forms-1.1:$6.0.0">UTM Keyword</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$6.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$6.$utm_keyword"><input name="utm_keyword" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-1.1:$6.$utm_keyword.0"></div>
  </div>
  <div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$7"><label id="label-utm_medium-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your UTM Medium"
      for="utm_medium-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$7.0"><span data-reactid=".hbspt-forms-1.1:$7.0.0">UTM Medium</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$7.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$7.$utm_medium"><input name="utm_medium" class="hs-input" type="hidden" value="newsletter" data-reactid=".hbspt-forms-1.1:$7.$utm_medium.0"></div>
  </div>
  <div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$8"><label id="label-utm_source-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your UTM Source"
      for="utm_source-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$8.0"><span data-reactid=".hbspt-forms-1.1:$8.0.0">UTM Source</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$8.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$8.$utm_source"><input name="utm_source" class="hs-input" type="hidden" value="Email" data-reactid=".hbspt-forms-1.1:$8.$utm_source.0"></div>
  </div>
  <div class="hs_gclid hs-gclid hs-fieldtype-text field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$9"><label id="label-gclid-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your GCLID"
      for="gclid-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$9.0"><span data-reactid=".hbspt-forms-1.1:$9.0.0">GCLID</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$9.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$9.$gclid"><input name="gclid" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-1.1:$9.$gclid.0"></div>
  </div>
  <div class="hs_all_utms hs-all_utms hs-fieldtype-textarea field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-1.1:$10"><label id="label-all_utms-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="" placeholder="Enter your All UTMs"
      for="all_utms-2101c475-809f-4105-8eab-7dbdeb6b03d7" data-reactid=".hbspt-forms-1.1:$10.0"><span data-reactid=".hbspt-forms-1.1:$10.0.0">All UTMs</span></label>
    <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.1:$10.1"></legend>
    <div class="input" data-reactid=".hbspt-forms-1.1:$10.$all_utms"><input name="all_utms" class="hs-input" type="hidden" value="" data-reactid=".hbspt-forms-1.1:$10.$all_utms.0"></div>
  </div>
  <div class="legal-consent-container" data-reactid=".hbspt-forms-1.2">
    <div class="hs-richtext" data-reactid=".hbspt-forms-1.2.0">
      <p> </p>
    </div>
    <div data-reactid=".hbspt-forms-1.2.1:0">
      <div class="hs-dependent-field" data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794">
        <div class="hs_LEGAL_CONSENT.subscription_type_3984794 hs-LEGAL_CONSENT.subscription_type_3984794 hs-fieldtype-booleancheckbox field hs-form-field"
          data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794">
          <legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.1"></legend>
          <div class="input" data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794">
            <ul class="inputs-list" data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0">
              <li class="hs-form-booleancheckbox" data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0"><label
                  for="LEGAL_CONSENT.subscription_type_3984794-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-form-booleancheckbox-display"
                  data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0"><input
                    id="LEGAL_CONSENT.subscription_type_3984794-2101c475-809f-4105-8eab-7dbdeb6b03d7" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_3984794" value="true"
                    data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0.0"><span
                    data-reactid=".hbspt-forms-1.2.1:0.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.$LEGAL_CONSENT=1subscription_type_3984794.0.0.0.1">
                    <p>I would like to receive communications from Checkmarx and its affiliates regarding software security, Checkmarx products and services. </p>
                  </span></label></li>
            </ul>
          </div>
        </div>
      </div>
      <legend class="hs-field-desc checkbox-desc" style="display:none;" data-reactid=".hbspt-forms-1.2.1:0.1"></legend>
    </div>
    <div class="hs-richtext" data-reactid=".hbspt-forms-1.2.2">
      <p>By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx <a href="https://www.checkmarx.com/privacy-policy/" target="_blank">Privacy Policy</a> and to the processing of my personal data
        as described therein. </p>
    </div>
    <div class="hs-richtext" data-reactid=".hbspt-forms-1.2.3">
      <p>By clicking submit below, you consent to allow Checkmarx to store and process the personal information submitted above to provide you the content requested.</p>
    </div>
  </div>
  <div class="hs_submit hs-submit" data-reactid=".hbspt-forms-1.5">
    <div class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-1.5.0"></div>
    <div class="actions" data-reactid=".hbspt-forms-1.5.1"><input type="submit" value="SIGN UP" class="hs-button primary large" data-reactid=".hbspt-forms-1.5.1.0"></div>
  </div><noscript data-reactid=".hbspt-forms-1.6"></noscript><input name="hs_context" type="hidden"
    data-reactid=".hbspt-forms-1.7"><iframe name="target_iframe_2101c475-809f-4105-8eab-7dbdeb6b03d7" style="display:none;" data-reactid=".hbspt-forms-1.8" data-gtm-yt-inspected-1_19="true"></iframe>
</form>

GET https://checkmarx.com/

<form action="https://checkmarx.com/" method="get" class="gm-search-wrapper-form">
  <div class="gm-form-group">
    <input type="text" name="s" class="gm-search__input">
    <button type="submit" class="gm-search-btn">
      <i class="fa fa-search"></i>
    </button>
  </div>
</form>

Text Content


THE OPEN SOURCE SUPPLY CHAIN UNDER ASSAULT – NEW DEFENSES ARE REQUIRED


 * Stephen Gates
 * March 22, 2022
 * Reading Time: 3 minutes




Those who’ve been working in the world of information security over the last
two decades have likely taken note of attacker Tactics, Techniques, and
Procedures (TTPs), and how they’ve evolved over time. Let’s take a closer look at
what’s changed.


THE EVOLUTION OF TTP

In the very beginning of cyberattacks, attackers would spend time creating
self-propagating viruses and worms to exploit vulnerable operating systems and
desktop applications. For example, the “I Love You” virus, which dates back to
the year 2000, infected over ten million computers worldwide. Names like Code
Red, SQL Slammer, Sobig, MyDoom, Netsky, Stuxnet, Zeus, and so on, made
headlines all over the globe. As a result, antivirus companies proliferated,
holes were plugged in operating systems, devices and perimeters were hardened,
bug bounties were initiated, and many of these TTPs were defeated.

During much of this same period, a new genre of TTPs emerged in concert with
these highly successful malware examples, and phishing became the new name of
an old game. Since perimeter and workstation defenses were somewhat difficult to
overcome from the outside-looking-in, attackers knew that if they could fool
someone into clicking on a link in an email, back doors could be opened, and
perimeter defenses may well be defeated.

Therefore, a whole new generation of malware surfaced in the form of ransomware
and botnets. For example, names like Locky, Tiny Banker Trojan, Mirai, WannaCry,
Petya, and many more were the next malware variants to gain notoriety. Email
phishing defenses, spam detection systems, employee email phishing training,
etc. proliferated and helped defeat some of these attacks.

As a result, attackers likely began to conclude, “If we can infect a software
supply chain, our malware proliferation and victim count could grow
exponentially.” And in December of 2020 they did just that. The SolarWinds
supply chain attack took place, leading to both government and enterprise data
breaches that made headlines worldwide. However, the SolarWinds attack was
leveraged against a commercial software supply chain and was not necessarily
focused on what is called the open source supply chain.


WHY SUPPLY CHAIN – WHY NOW?

Today’s attackers realize that by infecting the supply chain of open source
libraries, packages, components, modules, etc., in the context of open source
repositories, a whole new Pandora's box can be opened. And as we all know, once
you open that box, it’s nearly impossible to close. In fact, Checkmarx
leadership saw this coming. Back in December of 2019, Maty Siman, Founder and
CTO of Checkmarx, contributed to this predictions blog.

Maty wrote, “With organizations increasingly leveraging open source software in
their applications, next year, we’ll see an uptick in cybercriminals
infiltrating open source projects. Expect to see attackers ‘contributing’ to
open source communities more frequently by injecting malicious payloads directly
into open source packages, with the goal of developers and organizations
leveraging this tainted code in their applications.

As we see this scenario unfold, there will be a growing need for processes like
developer and open source contributor background checks [contributor
reputation]. Currently, open source environments are based entirely on trust -
organizations typically don’t vet developers’ past projects or reputations.
However, as attackers take advantage of open source projects, this trust will
begin to erode, forcing organizations to take proactive mitigation steps by
thoroughly vetting the open source code within their applications, as well as
those providing it.”

So, as we see here, Maty Siman was spot on. Not only did Checkmarx see attacks
on the open source supply chain coming, they also did something about it by
acquiring Dustico in August of 2021. Now, TTPs like dependency confusion,
typosquatting, repository jacking (aka ChainJacking), and star jacking are the
new name of the game. In fact, Checkmarx just released a new white paper today,
Introduction to Supply Chain Attacks, explaining how these attacks actually
work.


LANDSCAPE CHANGER: CHECKMARX SUPPLY CHAIN SECURITY

As a result of Maty’s predictions (which did come true, by the way), and their
proactive stance on defeating supply chain attacks, Checkmarx just announced a
new arrow in the quiver of enterprise-class, open source supply chain defenses.
Checkmarx SCA with Supply Chain Security (SCS) is now available, and the
solution sets an entirely new bar for all SCA solutions.

Checkmarx is first to market with the supply chain defenses organizations need
now, which include:

 * Health and Wellness, and Software Bill of Materials (SBOM)
 * Malicious Package Detection
 * Contributor Reputation
 * Behavior Analysis
 * Continuous Results Processing

In addition to our white paper on supply chain attacks, Checkmarx released
another white paper today, Don’t Take Code from Strangers – An Introduction to
Checkmarx Supply Chain Security. This paper goes into detail about topics like
SLSA, traditional code analysis, and pushing boundaries in secure software
supply chain innovation.

Checkmarx SCA with Supply Chain Security (SCS) offers a more comprehensive
approach to preventing supply chain attacks and securing open source usage by
enabling developers to perform vulnerability, behavioral, and reputational
analysis from a single, integrated platform. By natively integrating advanced
behavioral analysis into SCA, Checkmarx provides developers with a streamlined,
frictionless user experience to enhance their organization’s supply chain
security.

To learn more about Checkmarx SCA with Supply Chain Security, you can request a
demo here.


STEPHEN GATES

Stephen Gates is an experienced writer, blogger, and published author who brings
15+ years of hands-on knowledge in information security to the Checkmarx team.
Stephen is dedicated to conveying facts, figures, and information that brings
awareness to the cybersecurity issues all organizations and consumers face.
Aligning with Checkmarx's mission of improving software security for all
organizations, he is an advocate and promoter of their solutions worldwide.