Resources

Featured Scantist Articles

Read all about application security, open source risk management and DevSecOps here

Scantist Blogs

How can we better identify and neutralize malicious packages in the PyPI ecosystem to safeguard our open-source software?

How can we better identify and neutralize malicious packages in the PyPI ecosystem to safeguard our open-source software?

The RoguePuppet Lesson: Why Software Supply Chain Security Is Non-Negotiable

A critical software supply chain vulnerability was recently averted when security researcher Adnan Khan uncovered a severe flaw in the GitHub repository Puppet Forge in early July 2024. Dubbed RoguePuppet, this vulnerability would have allowed any GitHub user to push official modules to the repository of Puppet, a widely-used open-source configuration management tool.

Driving Security: The Critical Role of Binary Analysis in Automotive Cybersecurity

In the rapidly evolving automotive industry, cybersecurity has become a paramount concern. With the increasing connectivity and complexity of modern vehicles, manufacturers face unprecedented challenges in ensuring the safety and security of their products. The introduction of regulations like UN R155 and R156 has further emphasized the need for robust cybersecurity measures throughout the vehicle lifecycle.

Case Study

Evaluating the health of the development lifecycle

Find out how Thompson (Scantist's Software Composition Analysis tool) helped Deputy analysed the health of their development environment and track the dependency of components within their infrastructure while preventing the invalidity of their applications with the presence of legacy systems.

Application Evaluation for Investment Decision

A merchant banking firm was looking to invest in a start-up HR tech company. Prior to making a decision, it is critical to understand and evaluate the proposition of the tech company and verify the integrity of codes used in its applications and systems.

Fuzzing for server-like programs

Find out how Hollerith (Scantist's Smart Fuzzer) helped our client, Big Telco, disclosed exploitable vulnerabilities despite its server-like programs which rendered existing fuzzing solutions infeasible.