Progress announced the launch of Progress Data Cloud, a managed Data Platform as a Service designed to simplify enterprise data and artificial intelligence (AI) operations in the cloud.
Checkmarx Releases Supply Chain Threat Intelligence
January 31, 2023
Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.
Based on proprietary research by Checkmarx Labs, Supply Chain Threat Intelligence offers:
- Identification of malicious packages by attack type such as dependency confusion, typosquatting, chainjacking and more
- Analysis of contributor reputation through identification of anomalous activity within open source packages
- Intelligence on the malicious behavior of packages, including static and dynamic analysis to understand how the code runs
- A data lake that allows the ongoing analysis of packages long after they have been deleted from package managers, with over one million packages scanned per month
"In 2022, Checkmarx researchers exposed some of the most prolific open source attack groups, including RED-LILI and Lofygang," said Checkmarx CEO Emmanuel Benzaquen.
Checkmarx Supply Chain Threat Intelligence is delivered as an application programming interface (API) that is simple to integrate into many dashboards and development environments. Users obtain a unique token from Checkmarx, send in a package name and version and receive threat intelligence on the package.
The API helps developers and security professionals:
- Quickly and easily identify potential threats in open source packages
- Better understand the threat actor's decision-making process
- Perform bulk queries to efficiently receive intel on large numbers of packages at once
- Stay ahead of cyber threats with real-time updates and alerts on new and emerging risks
- Gain valuable insights and context on detected threats to inform security decisions
"Our Checkmarx Labs supply chain security team discovered 150,878 unique malicious packages in 2022 alone," said Erez Yalon, VP of Security Research at Checkmarx. "We're seeing attackers continue to strike and publish malicious packages even after they've been reported. They simply create new sock-puppet accounts and nothing stops them from doing so. Their relentless malicious behavior and the increasing velocity of new malicious package releases have led us to share our threat intelligence to help keep the open source ecosystem safe."
Industry News
January 23, 2025
January 23, 2025
Sonar announced the release of its latest Long-Term Active (LTA) version, SonarQube Server 2025 Release 1 (2025.1).
January 23, 2025
Idera announced the launch of Sembi, a multi-brand entity created to unify its premier software quality and security solutions under a single umbrella.
January 22, 2025
Postman announced the Postman AI Agent Builder, a suite empowering developers to quickly design, test, and deploy intelligent agents by combining LLMs, APIs, and workflows into a unified solution.
January 22, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of CubeFS.
January 21, 2025
BrowserStack and Bitrise announced a strategic partnership to revolutionize mobile app quality assurance.
January 16, 2025
Mendix, a Siemens business, announced the general availability of Mendix 10.18.
January 16, 2025
Red Hat announced the general availability of Red Hat OpenShift Virtualization Engine, a new edition of Red Hat OpenShift that provides a dedicated way for organizations to access the proven virtualization functionality already available within Red Hat OpenShift.
January 16, 2025
Contrast Security announced the release of Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).
January 15, 2025
Red Hat announced the general availability of Red Hat Connectivity Link, a hybrid multicloud application connectivity solution that provides a modern approach to connecting disparate applications and infrastructure.
January 15, 2025
Appfire announced 7pace Timetracker for Jira is live in the Atlassian Marketplace.
January 14, 2025
SmartBear announced the availability of SmartBear API Hub featuring HaloAI, an advanced AI-driven capability being introduced across SmartBear's product portfolio, and SmartBear Insight Hub.
January 14, 2025
Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.
January 14, 2025
OpsVerse announced a significantly enhanced DevOps copilot, Aiden 2.0.
