While the concept sounds sound, so far I've never actually seen this setup in th... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

srd on April 1, 2017 | parent | context | favorite | on: Dimnie: Malware targeting open-source developers

While the concept sounds sound, so far I've never actually seen this setup in the real world. Do you happen to have any resources on how to properly setup such a step in a CI tool?

auspex on April 1, 2017 [–]

Check out software like Twistlock, Sonatype and I think Tennable has a scanner as well that integrates into the pipeline. If your are not using Sonatype to build you can find good support for this in Jenkins or Team City via a plugin (Full disclosure, I work in this area)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact