supplychain Enforce a safe Composer version across your organization This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Composer's download fallback paths, and blocking malware downloads for every Composer version. While the protections we have shipped try their best to cover older Composer
supplychain Blocking malware downloads for every Composer version in Private Packagist This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, and the recent post on closing Composer's download fallback paths. Composer 2.10's dependency policy framework is a substantial step forward for PHP supply
supplychain Closing Composer's download fallback paths in Private Packagist This is the next post in our supply chain security series, following the supply chain security update and the Composer 2.10 release. Each post in this series covers a specific Composer behavior worth understanding, and a Private Packagist feature we are introducing on top of it. Today: How Composer&
composer Composer 2.10 Release We are excited to announce the release of Composer 2.10.0, introducing native malware filtering and consolidated future-proof customizable dependency policy configuration to control the handling of security advisories, abandoned packages, and now malware. Fast detection of malware for packages published on Packagist.org is provided by Aikido. This
composer An update on Composer & Packagist supply chain security The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems. A handful of these have hit the PHP ecosystem too, via taken-over GitHub accounts and stolen access tokens that let attackers publish new tags on packages they had
