{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidmivjfa657n4pnxgvqcwhrlqtfrjiiwnzunth5asdbf36a5pcmla",
    "uri": "at://did:plc:gapzbf5nl5wxaqkqoecaeawh/app.bsky.feed.post/3mlmcv24jqov2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreie7mnxf2iwfijclfvqnmilkcgb2zea22tarnea4jufdzdsenakilu"
    },
    "mimeType": "image/jpeg",
    "size": 22106
  },
  "path": "/how-open-source-dependency-and-repo-attacks-compromise-devops-pipelines-and-how-to-stay-safe/",
  "publishedAt": "2026-05-11T11:05:10.000Z",
  "site": "https://devops.com",
  "tags": [
    "Blogs",
    "Business of DevOps",
    "Contributed Content",
    "DevOps and Open Technologies",
    "DevSecOps",
    "Social - Facebook",
    "Social - LinkedIn",
    "Social - X",
    "CVE",
    "Dependency Governance",
    "log4j",
    "Malicious Code Injection",
    "open source security",
    "Package Managers",
    "SBoM",
    "secure development",
    "supply chain risk",
    "typosquatting"
  ],
  "textContent": "Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface in which malicious supply chain injections are a dominant threat. High-profile incidents such as Log4j (an exploitable flaw in a widely used, legitimate dependency) and the sabotage of colors.js (a deliberately broken release pushed as \"protestware\") show that traditional vulnerability scanning often fails to detect sophisticated protestware or dependency confusion attacks, necessitating 19 practical controls focused on strict intake governance, dependency pinning, and behavioral monitoring to secure the development lifecycle.",
  "title": "How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe"
}