Software supply chain attacks have evolved beyond exploiting known vulnerabilities. Attackers now exploit the growing reliance on open source software (OSS): they target maintainers and the mechanisms through which OSS packages are published and consumed. Typosquatting, dependency confusion, and other malicious manipulation of trusted OSS packages are missed by any defense that relies only on known-vulnerability data.
Detect next-generation attacks such as typosquatting and dependency confusion, and report against standards such as NIST C-SCRM and SLSA. Monitor for attack vectors that known-vulnerability scanning would miss. Respond quickly by pinpointing where a vulnerable package is in use and which applications depend on it, directly or transitively.
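The two attack classes named above, and the "which applications depend on it" question, can be illustrated with simple heuristics. The following is an added example written for this page, not the product's own detection logic: every package name, index snapshot, dependency graph and requirements file in it is constructed. Typosquatting is approximated as a requested name within one edit (including an adjacent transposition) of a known package; dependency confusion as an internal-only name that also appears on the public index, which a resolver consulting both indexes may prefer.

```python
"""Added example: heuristic checks for typosquatting and dependency confusion,
plus a reverse-dependency lookup to find which applications pull in a package.
All data below is constructed for illustration; this is not a vendor's logic."""
import re

# Constructed allow-list of well-known public packages the organisation depends on.
KNOWN_PUBLIC = {"requests", "urllib3", "numpy", "django", "flask", "cryptography"}

# Constructed: packages published only on the organisation's private index.
INTERNAL_PACKAGES = {"acme-auth", "acme-billing", "acme-telemetry"}

# Constructed snapshot of names on the public index (in practice scraped from the
# registry's simple index). Note the look-alike "reqeusts" and the internal name "acme-billing".
PUBLIC_INDEX_SNAPSHOT = {"requests", "urllib3", "numpy", "django", "flask",
                         "cryptography", "reqeusts", "acme-billing"}

# Constructed dependency graph: each key lists its direct dependencies.
DEPENDENCY_GRAPH = {
    "web-portal": {"django", "acme-auth", "requests"},
    "billing-service": {"flask", "acme-billing"},
    "reporting-job": {"numpy"},
    "acme-auth": {"cryptography", "urllib3"},
    "acme-billing": {"requests"},
    "requests": {"urllib3"},
}
APPLICATIONS = {"web-portal", "billing-service", "reporting-job"}

# Constructed requirements file with one look-alike name and one internal package.
REQUIREMENTS = """\
requests==2.31.0
reqeusts==2.31.0   # one transposition away from requests
acme-billing>=1.4
numpy
"""


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition as one
    edit, so 'reqeusts' is 1 edit from 'requests' rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def typosquat_candidates(requested: str, known=KNOWN_PUBLIC, max_distance: int = 1) -> list:
    """Known packages within max_distance edits of a requested name that is not itself known."""
    r = normalize(requested)
    known_norm = {normalize(k): k for k in known}
    if r in known_norm:
        return []
    return sorted(orig for norm, orig in known_norm.items() if osa_distance(r, norm) <= max_distance)


def dependency_confusion_risk(requested: str, internal=INTERNAL_PACKAGES,
                              public=PUBLIC_INDEX_SNAPSHOT) -> bool:
    """True when an internal-only name also exists on the public index: a resolver that
    consults both indexes (e.g. pip --extra-index-url) may pick the public copy."""
    r = normalize(requested)
    return r in {normalize(n) for n in internal} and r in {normalize(n) for n in public}


def requirement_name(line: str):
    """Project name from a requirements line; None for blank or comment-only lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    return re.split(r"[\s=<>!~\[;]", line, maxsplit=1)[0]


def audit_requirements(text: str) -> dict:
    """Run both checks over a requirements file and return findings by attack class."""
    findings = {"typosquat": [], "dependency_confusion": []}
    for line in text.splitlines():
        name = requirement_name(line)
        if name is None:
            continue
        hits = typosquat_candidates(name)
        if hits:
            findings["typosquat"].append(f"{name} -> {', '.join(hits)}")
        if dependency_confusion_risk(name):
            findings["dependency_confusion"].append(name)
    return findings


def applications_depending_on(package: str, graph=DEPENDENCY_GRAPH, applications=APPLICATIONS) -> list:
    """Applications that reach `package` directly or transitively, via reverse edges of the graph."""
    reverse = {}
    for parent, children in graph.items():
        for child in children:
            reverse.setdefault(normalize(child), set()).add(normalize(parent))
    seen, stack = set(), [normalize(package)]
    while stack:
        for parent in reverse.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return sorted(a for a in applications if normalize(a) in seen)


if __name__ == "__main__":
    print(audit_requirements(REQUIREMENTS))
    print("urllib3 is used by:", applications_depending_on("urllib3"))
```

Running the audit over the constructed requirements flags `reqeusts` as a look-alike of `requests` and `acme-billing` as exposed to dependency confusion, and the reverse lookup shows that a vulnerable `urllib3` would affect both `web-portal` and `billing-service` even though neither lists it directly. An edit distance of one over a short allow-list is a deliberately conservative cut-off; on a registry-sized corpus it produces false positives for short names, so real tooling layers in publisher age, download counts and install-script behaviour before alerting.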