Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blog: Dependency Confusion and Typosquatting Attacks #1109

Merged
merged 9 commits into from
Sep 4, 2024
Merged

blog: Dependency Confusion and Typosquatting Attacks #1109

merged 9 commits into from
Sep 4, 2024

Conversation

meder
Copy link
Contributor

@meder meder commented Aug 13, 2024

Blogpost that looks at dependency confusion and typosquatting attacks from defender's perspective and defines "managed ingestion" as an important capability for supply chain risk management.

@meder
blog: Defender's Perspective: Dependency Confusion and Typosquatting …
7508a57 
…Attacks

Blogpost that looks at dependency confusion and typosquatting attacks from defender's perspective and defines "managed ingestion" as an important capability for supply chain risk management.

Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@netlify Netlify
Copy link

netlify bot commented Aug 13, 2024
edited
Loading

Deploy Preview for slsa ready!

Name Link
🔨 Latest commit 964efee
🔍 Latest deploy log https://app.netlify.com/sites/slsa/deploys/66d844e68ce86d00087df227
😎 Deploy Preview https://deploy-preview-1109--slsa.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

joshuagl
joshuagl approved these changes Aug 21, 2024
View reviewed changes
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made a few minor suggestions for clarity, but otherwise this looks good to me. Thank you for writing this up.

docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
mlieberman85
mlieberman85 approved these changes Aug 22, 2024
View reviewed changes
Copy link
Member

@mlieberman85 mlieberman85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I agree with @joshuagl 's suggestions.

@meder @joshuagl
Apply suggestions from code review
485001f 
Co-authored-by: Joshua Lock <joshuagloe@gmail.com>
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
arewm
arewm requested changes Aug 23, 2024
View reviewed changes
Copy link
Member

@arewm arewm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this blog post. A couple questions to help drive better clarity.

docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
marcelamelara
marcelamelara requested changes Aug 26, 2024
View reviewed changes
Copy link
Contributor

@marcelamelara marcelamelara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this blog post @meder ! My main high-level question is about the audience for this blog post. This is a relatively advanced topic, so if the intent is to reach a more general audience, my main suggestion is to make some revisions in the text that would help such an audience grapple with this topic. Either way, I left several comments that should help smooth out the flow and ease the transitions between sections to guide a more familiar reader as well.

docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Show resolved Hide resolved
docs/_posts/2024-08-13-dep-confusion-and-typosquatting.md Outdated Show resolved Hide resolved
@meder
Address reviewer comments
34be95d 
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@meder
Copy link
Contributor Author

meder commented Aug 27, 2024

@arewm @marcelamelara thank you both for the review and feedback, PTAL.

@meder
Reviewer feedback.
180d1e3 
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@meder
Copy link
Contributor Author

meder commented Aug 28, 2024

Thank you for the clarifications, @marcelamelara. Feedback was addressed, PTAL.

meder and others added 3 commits August 28, 2024 15:57
@meder @marcelamelara
Incorporate reviewer's suggestions.
7575fa6 
Co-authored-by: Marcela Melara <marcela.melara@intel.com>
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@meder
Address reviewer feedback.
7436fa6 
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@meder
Add links to recommendation examples.
f87641a 
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
@meder
Copy link
Contributor Author

meder commented Aug 28, 2024

@marcelamelara I believe all feedback was addressed, PTAL.

@meder
Copy link
Contributor Author

meder commented Sep 1, 2024

@marcelamelara @arewm I'd like to target publish this on Wed (Sep 4th), please let me know if you have any blocking feedback.

@meder
Merge branch 'slsa-framework:main' into main
ad767e5
@meder
markdown lint fixes.
964efee 
Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
mlieberman85
mlieberman85 approved these changes Sep 4, 2024
View reviewed changes
Copy link
Member

@mlieberman85 mlieberman85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

arewm
arewm approved these changes Sep 4, 2024
View reviewed changes
Copy link
Member

@arewm arewm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this blog post!

marcelamelara
marcelamelara approved these changes Sep 4, 2024
View reviewed changes
Copy link
Contributor

@marcelamelara marcelamelara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all of the updates @meder ! LGTM.

@marcelamelara marcelamelara merged commit 970af04 into slsa-framework:main Sep 4, 2024
5 of 6 checks passed
zachariahcox pushed a commit to zachariahcox/slsa that referenced this pull request Oct 1, 2024
@meder @joshuagl
@marcelamelara @zachariahcox
blog: Dependency Confusion and Typosquatting Attacks (slsa-framework#…
d3e9e97 
…1109)

Blogpost that looks at dependency confusion and typosquatting attacks
from defender's perspective and defines "managed ingestion" as an
important capability for supply chain risk management.

---------

Signed-off-by: Meder Kydyraliev <1212257+meder@users.noreply.github.com>
Co-authored-by: Joshua Lock <joshuagloe@gmail.com>
Co-authored-by: Marcela Melara <marcela.melara@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcelamelara marcelamelara marcelamelara approved these changes

@arewm arewm arewm approved these changes

@joshuagl joshuagl joshuagl approved these changes

@mlieberman85 mlieberman85 mlieberman85 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Issue triage
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@meder @mlieberman85 @joshuagl @arewm @marcelamelara