Tag
php-supply-chain
Safeguard articles tagged "php-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Open Source Security
Packagist's GitHub Webhook Flaw That Could Have Poisoned ...
A 2022 Packagist webhook vulnerability let a crafted GitHub branch name trigger command injection on Packagist's servers, threatening the entire PHP/Composer supply chain.
Nov 30, 20256 min read
Open Source Security
Composer package vulnerability trends report
Composer package vulnerabilities rose 34% YoY, with 60%+ arriving via transitive dependencies. Safeguard breaks down the trends and what security teams should do.
Nov 14, 20256 min read
Open Source Security
Malicious Composer packages on Packagist
Three malicious Composer package campaigns hit Packagist in under a year -- each sitting undetected for months. Here's what happened and how to catch the next one faster.
Nov 13, 20257 min read