{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigr6i6m2iw524dh6flpatixlg6eri67jxinzulmadmyynzwkortfy",
    "uri": "at://did:plc:zt6n4j3uzzhr7fxpzlsqhbu2/app.bsky.feed.post/3mmhwlhirfvb2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiai5fnr4j75qwe27tnk6dqe7hipehp5fpqhhlrbcuqegqxnoy3yfq"
    },
    "mimeType": "image/jpeg",
    "size": 467311
  },
  "path": "/when-the-pipeline-signs-your-malware-the-may-2026-supply-chain-chain/",
  "publishedAt": "2026-05-22T18:42:07.000Z",
  "site": "https://pro-it.rocks",
  "tags": [
    "security",
    "supply-chain",
    "devops",
    "npm",
    "slsa"
  ],
  "textContent": "Three supply-chain compromises in eight days self-propagated through SLSA-attested pipelines. The custodians signed the malware themselves.",
  "title": "When the Pipeline Signs Your Malware: The May 2026 Supply-Chain Chain"
}