InvisiRisk Blog Posts

Build-Time Security: The Missing Layer in Application Security
By David Pulaski, CXO & Co-founder, InvisiRisk TL;DR AppSec tools cover code (SAST), dependencies (SCA), and deployed applications (DAST), but

Mini Shai-Hulud: Cross-Ecosystem Supply Chain Attack Hits npm, PyPI, and Packagist
Date Observed: April 29–30, 2026 Ecosystem: npm, PyPI, Packagist (PHP) Targets: SAP enterprise developers, AI/ML engineers, DevOps and DevSecOps teams using Intercom

SANDWORM_MODE: How a Shai-Hulud-Style npm Worm Targets CI/CD Pipelines
SANDWORM_MODE: A New Wave of npm Supply Chain Attacks Targeting CI/CD Pipelines Date of Discovery: February 20, 2026 Ecosystem: npm

How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics/Action Compromise
How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics Attack Introduction The rise of automation in

GitHub Actions Supply Chain Attack: How InvisiRisk BAF Mitigates tj-actions/changed-files
In-Depth Analysis: How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Introduction The modern software development lifecycle is heavily

Ensuring Software Supply Chain Security with Blessed Open-Source Repositories
Why Blessed Open-Source Repositories Matter In today’s rapidly evolving technological landscape, the importance of maintaining a secure and reliable software

Beyond Open-Source Vulnerability Tracking: Comprehensive Software Supply Chain Security with InvisiRisk
Beyond Open Source Vulnerability Tracking: Comprehensive Software Supply Chain Security with InvisiRisk In today’s rapidly evolving digital landscape, securing the

InvisiRisk Announces the Launch of its Software Supply Chain GRC Platform
InvisiRisk Launches GRC Platform for the Software Supply Chain InvisiRisk, Inc. is thrilled to announce the launch of its innovative

Achieve Software Compliance with InvisiRisk
Software Security Compliance Software security compliance is the process of ensuring that software meets the security requirements of a particular

Could Standard Security Attestations, Powered by InvisiRisk, Have Shielded the NHS supplier from the £3m ICO Fine?
NHS IT Provider Hit with £3m ICO Fine: A Supply Chain Security Wake-Up Call The recent ICO fine levied against

The Great NPM Heist – What Happened and How InvisiRisk Protects You
The Great NPM Heist: What Happened and How InvisiRisk Protects You In early September 2025 attackers orchestrated a large-scale supply

Bitwarden CLI npm Compromise: Bun-Staged Credential Stealer
Date Observed: April 23, 2026 Ecosystem: npm (Node.js) Targets: Developer workstations, GitHub Actions CI/CD pipelines, cloud environments, AI coding tool