News

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
adtmag.com14y

Java.net Projects Now on Maven Central Repository

Sonatype, the chief commercial supporter of the open-source Maven project, is working with Oracle to bring Java.net project artifacts to the Maven Central Repository, which the company administers for ...
CSO Online3d

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
TheServerSide6y

4 ways to upload a JAR to a JFrog Artifactory repository

If you're a software developer with POM files at the root of your project, you know a thing or two about obtaining files from a Maven repository. It's easy to pull from Maven central or the in-house ...