In this special live stream, we will take a look at PINNY. It is designed as a simple tool for developers to hash-pin Dockerfiles and GitHub Actions (two OSS dependencies which don’t have package managers but are instead downloaded directly from source), which protects against dependency hijacking and dependency confusion. We will also be chatting about why securing CI/CD pipelines is important, which is arguably an overlooked aspect of software supply chain security.
Our special guest will be Abhishek Anand, founder of Koalalab.