Spectral announced the release of Preflight, an open-source tool that helps developers defend against supply chain attacks. A supply chain attack occurs when someone exploits the vulnerabilities of third-party Spectral’s Preflight enables organizations to verify scripts and executables to mitigate supply chain attacks such as the recent Codecov hack.
The Codecov supply-chain breach affected several companies including Monday.com, an online workflow management platform that works with such brands as Uber, BBC Studios, Universal, Hulu, L’Oreal, Coca-Cola, and Unilever. Monday.com disclosed that unauthorized users were able to obtain credentials harvested from a copy of their source code and use them to access sensitive information from hundreds of customer networks. Hackers exploit any weakness they come across, so the only defense is to continuously and automatically protect and monitor supply chain gaps and public blind spots.
Preflight automatically verifies a user’s CI and third-party scripts, and can also verify and block binaries or any other kind of executable from running if they contain malware, by querying popular anti-malware services. Because Preflight is open source, users can review the source, build it themselves, and contribute anything they find to be missing.
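The two checks the article attributes to Preflight, a pinned-digest check on scripts and a hash lookup against an anti-malware service before a binary or script is allowed to run, can be modelled in a few dozen lines. The example below is an added illustration written for this page; it is not Preflight's source and does not use Preflight's command line. The lock file (`PINNED_DIGESTS`), the sample scripts, and the denylist behind `lookup_malware` are all constructed here so the code runs offline; in a real pipeline the lookup would be a network query to a service that indexes file hashes, and the pins would live in the repository next to the CI configuration.

```python
"""Pre-execution gate for third-party scripts and binaries.

Added example, not Preflight's code. It enforces two rules before an
artefact is handed to a shell:
  1. its SHA-256 must match a digest the team reviewed and pinned, and
  2. its digest must not be flagged by an anti-malware lookup.
"""
import hashlib
import subprocess
import tempfile
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the artefact bytes as fetched (before execution)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample artefacts standing in for a vendor install script and a
# tampered copy of it.
SAMPLE_SCRIPT = b"#!/bin/sh\necho 'installing widget'\n"
TAMPERED_SCRIPT = b"#!/bin/sh\necho 'tampered copy'\n"

# Constructed lock file: artefact name -> digest of the reviewed copy.
PINNED_DIGESTS = {"install.sh": sha256_hex(SAMPLE_SCRIPT)}

# Constructed denylist standing in for the hash index of an anti-malware
# service; a real deployment would query the service over the network.
KNOWN_BAD_DIGESTS = {sha256_hex(TAMPERED_SCRIPT)}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def lookup_malware(digest: str) -> bool:
    """Return True if the service has flagged this digest (constructed stand-in)."""
    return digest in KNOWN_BAD_DIGESTS


def preflight(name: str, data: bytes, pinned=PINNED_DIGESTS, lookup=lookup_malware) -> Verdict:
    """Decide whether `data`, fetched under `name`, may run.

    Blocks on any of: no pin for this name, digest differs from the pin,
    or the digest is flagged by the malware lookup. Order matters only for
    the reason string; every failing rule blocks on its own.
    """
    digest = sha256_hex(data)
    expected = pinned.get(name)
    if expected is None:
        return Verdict(False, f"{name}: no pinned digest; refusing to run unreviewed artefact")
    if expected != digest:
        return Verdict(False, f"{name}: digest mismatch (expected {expected[:12]}..., got {digest[:12]}...)")
    if lookup(digest):
        # A pinned artefact can still be blocked if the service flags it later.
        return Verdict(False, f"{name}: digest {digest[:12]}... flagged by malware lookup")
    return Verdict(True, f"{name}: digest matches pin and is not flagged")


def run_if_trusted(name: str, data: bytes) -> Verdict:
    """Gate a pipe-to-shell step: the bytes reach `sh` only on an allow verdict."""
    verdict = preflight(name, data)
    if verdict.allowed:
        with tempfile.NamedTemporaryFile("wb", suffix=".sh", delete=False) as handle:
            handle.write(data)
        subprocess.run(["sh", handle.name], check=True)
    return verdict


if __name__ == "__main__":
    for label, payload in [
        ("install.sh", SAMPLE_SCRIPT),
        ("install.sh", SAMPLE_SCRIPT + b"# appended after review\n"),
        ("tampered.sh", TAMPERED_SCRIPT),
    ]:
        print(preflight(label, payload).reason)
```

The pin only carries weight if it was taken from a copy someone actually reviewed; a script altered after that point shows up as a digest mismatch, which is the failure mode a verification step is there to catch. The malware lookup is the second line of defence for artefacts that were never pinned or whose pin predates a later detection.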
Supply chain attacks are increasing. In the past year, a group exploited SolarWinds’ Orion software and gained access to government and military clients, and U.S. Fortune 500 companies. Unfortunately, most organizations are unprepared to counter these attacks.
Original Release: PR Newswire