Whitepapers & Research

Deep dives into supply chain security, threat research, and best practices from the Hextrap security team.

Featured
Research Report January 2025

State of Software Supply Chain Security 2025

Our annual report analyzing trends in supply chain attacks, emerging threats, and recommendations for securing your development pipeline. Based on data from 10,000+ organizations.

742% Increase in supply chain attacks since 2020
45% Of organizations experienced a breach
Download Report
State of Supply Chain Security
Best Practices 12 pages

Securing CI/CD Pipelines Against Supply Chain Attacks

A practical guide to hardening your build pipelines with defense-in-depth strategies.

December 2024 Download PDF →
Research 24 pages

Anatomy of a Typosquatting Attack

Deep analysis of real-world typosquatting campaigns in npm and PyPI ecosystems.

November 2024 Download PDF →
Compliance 18 pages

SBOM Requirements: A Practical Guide

Understanding Executive Order 14028 and implementing SBOM generation in your organization.

October 2024 Download PDF →
Technical Guide 8 pages

Implementing Package Firewalls at Scale

Architecture patterns and best practices for enterprise-wide package security.

September 2024 Download PDF →
Research 16 pages

Malicious Package Detection Techniques

How we detect cryptominers, data exfiltration, and backdoors in open source packages.

August 2024 Download PDF →
Best Practices 10 pages

Dependency Management for Security Teams

Building a dependency governance program that balances security and developer productivity.

July 2024 Download PDF →