Securing your Software Dependencies with Rego's Policy as Code
In our previous post Intro to Open Policy Agent for Policy as Code with Rego (https://hextrap.com/blog/introtoopenpolicyagentforpolicyascodewithrego/) we introduced the very basic fundamentals of Open
Intro to Open Policy Agent for Policy As Code with Rego
Open Policy Agent (OPA, https://www.openpolicyagent.org/) is a cloud-native policy engine used for enforcing policy-as-code in major open source projects like Kubernetes (https://kubernetes.io/),
Bakin' some bun into Hextrap
Earlier this year we added support for bun to our list of supported package management tools for JavaScript. bun is much more than a package manager for JavaScript go
Why we added MCP support
Since their inception, Hextrap's firewalls were designed to be used by developers locally and in their CI/CD processes. Now that LLMs have taken over, a new threat has emerged in
The Case for Soak Time: Why Waiting 72 Hours Could Save Your Company
Analyzing malicious package detection timelines reveals a simple but effective defense most organizations overlook.
Inside a Typosquatting Campaign: 200 Malicious Packages in 48 Hours
Forensic analysis of a coordinated attack on PyPI that exploited human error at scale.
The Anatomy of a Software Supply Chain Attack
How attackers exploit trust relationships in package ecosystems to compromise thousands of organizations in a single stroke.
Dependency Confusion: Why Your Private Packages Aren't Private
A deep dive into the attack vector that allowed researchers to breach Apple, Microsoft, and PayPal using nothing but a package.json file.
What the xz Backdoor Taught Us About Long-Term Compromise
The near-miss catastrophe that almost gave attackers root access to most Linux systems, and what it reveals about open source trust.